azure-ai-evaluation 1.3.0__py3-none-any.whl → 1.4.0__py3-none-any.whl

azure/ai/evaluation/_red_team/_red_team_result.py

@@ -0,0 +1,246 @@
+# ---------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# ---------------------------------------------------------
+from typing import Dict, List, Optional,  TypedDict
+import json
+
+class _RiskCategorySummary(TypedDict):
+    """Summary of attack success rates across risk categories."""
+    overall_asr: float
+    overall_total: int
+    overall_successful_attacks: int
+    hate_unfairness_asr: float
+    hate_unfairness_total: int
+    hate_unfairness_successful_attacks: int
+    violence_asr: float
+    violence_total: int
+    violence_successful_attacks: int
+    sexual_asr: float
+    sexual_total: int
+    sexual_successful_attacks: int
+    self_harm_asr: float
+    self_harm_total: int
+    self_harm_successful_attacks: int
+
+class _AttackTechniqueSummary(TypedDict):
+    """Summary of attack success rates across complexity levels."""
+    overall_asr: float
+    overall_total: int
+    overall_successful_attacks: int
+    baseline_asr: float
+    baseline_total: int
+    baseline_successful_attacks: int
+    easy_complexity_asr: float
+    easy_complexity_total: int
+    easy_complexity_successful_attacks: int
+    moderate_complexity_asr: float
+    moderate_complexity_total: int
+    moderate_complexity_successful_attacks: int
+    difficult_complexity_asr: float
+    difficult_complexity_total: int
+    difficult_complexity_successful_attacks: int
+
+class _JointRiskAttackSummaryItem(TypedDict):
+    """Summary of attack success rates for a specific risk category across complexity levels."""
+    risk_category: str
+    baseline_asr: float
+    easy_complexity_asr: float
+    moderate_complexity_asr: float
+    difficult_complexity_asr: float
+
+class _RedTeamingScorecard(TypedDict):
+    """TypedDict representation of a Red Team Agent scorecard with the updated structure.
+    
+    The scorecard contains four main sections:
+    - risk_category_summary: Overall metrics by risk category
+    - attack_technique_summary: Overall metrics by attack technique complexity
+    - joint_risk_attack_summary: Detailed metrics by risk category and complexity level
+    - detailed_joint_risk_attack_asr: Detailed ASR information broken down by complexity level, risk category, and converter
+    """
+    risk_category_summary: List[_RiskCategorySummary]
+    attack_technique_summary: List[_AttackTechniqueSummary]
+    joint_risk_attack_summary: List[_JointRiskAttackSummaryItem]
+    detailed_joint_risk_attack_asr: Dict[str, Dict[str, Dict[str, float]]]
+
+class _AttackObjectiveSource(TypedDict):
+    """Information about how attack objectives were generated."""
+    application_scenario: str
+    risk_categories: List[str]
+    custom_attack_seed_prompts: str
+    policy_document: str
+
+class _RedTeamingParameters(TypedDict):
+    """TypedDict representation of parameters used in a red team evaluation with the updated structure.
+    
+    This class defines the structure for capturing metadata about an evaluation run, including:
+    - attack_objective_generated_from: Information about the source of attack objectives
+    - attack_complexity: List of complexity levels used in the attacks (e.g., "Easy", "Moderate", "Difficult")
+    - techniques_used: Dictionary mapping complexity levels to lists of converter techniques used
+    """
+    attack_objective_generated_from: _AttackObjectiveSource
+    attack_complexity: List[str]
+    techniques_used: Dict[str, List[str]]
+
+class _RiskAssessment(TypedDict):
+    """Assessment of content safety risks in a conversation."""
+    violence: Dict[str, str]
+    sexual: Dict[str, str]
+    self_harm: Dict[str, str]
+    hate_unfair: Dict[str, str]
+
+class _Conversation(TypedDict):
+    """TypedDict representation of a simulated conversation in a red team evaluation.
+    
+    This class defines the structure for capturing information about a simulated conversation, including:
+    - attack_success: Whether the attack was successful
+    - attack_technique: The attack technique used in the conversation
+    - attack_complexity: The complexity level of the attack
+    - conversation: List of messages exchanged in the conversation
+    - risk_assessment: Dictionary containing content safety assessment for the conversation
+    """
+    attack_success: Optional[bool]
+    attack_technique: str
+    attack_complexity: str
+    risk_category: str
+    conversation: List[Dict[str, str]]
+    risk_assessment: Optional[_RiskAssessment]
+
+class _RedTeamResult(TypedDict):
+    """TypedDict representation of a Red Team Agent evaluation result with the updated structure.
+
+    This class defines the structure for capturing the results of a red team evaluation, including:
+    - redteaming_scorecard: Scorecard containing summary and detailed ASR information
+    - redteaming_parameters: Parameters containing metadata about the evaluation run
+    - redteaming_data: List of _Conversation objects representing the conversations in the evaluation
+    """
+    redteaming_scorecard: _RedTeamingScorecard
+    redteaming_parameters: _RedTeamingParameters
+    redteaming_data: List[_Conversation]
+    studio_url: Optional[str]
+
+class RedTeamOutput():
+    def __init__(self, red_team_result: Optional[_RedTeamResult] = None, redteaming_data: Optional[List[_Conversation]] = None):
+        self.red_team_result = red_team_result
+        self.redteaming_data = redteaming_data
+
+    def to_json(self) -> str:
+        """
+        Converts a _RedTeamResult object to a JSON-serializable dictionary.
+
+        :returns: A string containing the _RedTeamResult in JSON format.
+        :rtype: str
+        """
+        return json.dumps(self.red_team_result) if self.red_team_result else ""
+
+    def to_scorecard(self) -> Optional[_RedTeamingScorecard]:
+        """Extracts the scorecard from a _RedTeamResult object."""
+        return self.red_team_result.get("redteaming_scorecard", None) if self.red_team_result else None
+    
+    def to_eval_qr_json_lines(self) -> str:
+        """
+        Converts conversations in messages format to query-response format suitable for evaluation.
+        
+        The output format follows the JSONL pattern with each line containing:
+        {
+            "query": "user message content",
+            "response": "assistant message content",
+            "risk_category": "risk category",
+            "attack_strategy": "strategy name",
+            "attack_complexity": "complexity level",  
+            "attack_success": "true|false", (if available from evaluation)
+            "category": "risk category", (if available from evaluation)
+            "severity_level": "low|medium|high", (if available from evaluation)
+            "threshold": "threshold value" (if available from evaluation)
+        }
+        
+        :returns: A list of strings containing query-response pairs in JSONL format.
+        :rtype: List[str]
+        """
+        if not self.redteaming_data:
+            return ""
+            
+        result_lines = []
+        
+        for conversation in self.redteaming_data:
+            messages = conversation.get("conversation", [])
+            attack_technique = conversation.get("attack_technique", "")
+            attack_complexity = conversation.get("attack_complexity", "")
+            risk_category = conversation.get("risk_category", "")
+            attack_success = conversation.get("attack_success")
+            risk_assessment = conversation.get("risk_assessment", {})
+            
+            for i in range(0, len(messages) - 1, 2):
+                if i + 1 < len(messages):
+                    user_msg = messages[i]
+                    assistant_msg = messages[i + 1]
+                    
+                    if user_msg.get("role") == "user" and assistant_msg.get("role") == "assistant":
+                        # Create the base query-response pair
+                        qr_pair = {
+                            "query": user_msg.get("content", ""),
+                            "response": assistant_msg.get("content", ""),
+                            "risk_category": risk_category,
+                            "attack_strategy": attack_technique,
+                            "attack_complexity": attack_complexity
+                        }
+                        
+                        # Add evaluation data if available
+                        if attack_success is not None:
+                            qr_pair["attack_success"] = str(attack_success).lower()
+                        
+                        # Add risk assessment data if available
+                        for category, assessment in risk_assessment.items() if risk_assessment else {}:
+                            if assessment and assessment.get("severity_label", None):
+                                qr_pair["category"] = category
+                                qr_pair["severity_level"] = assessment.get("severity_label", "").lower()
+                                # Add threshold if available in the future
+                        
+                        result_lines.append(json.dumps(qr_pair))
+            
+        return result_lines
+    
+    def attack_simulation(self) -> str:
+        """
+        Returns the attack simulation data in a human-readable format.
+        :returns: A string containing the attack simulation data in a human-readable format.
+        :rtype: str
+        """
+        if not self.redteaming_data:
+            return ""
+        
+        result_lines = []
+        
+        for conversation in self.redteaming_data:
+            messages = conversation.get("conversation", [])
+            attack_technique = conversation.get("attack_technique", "")
+            attack_complexity = conversation.get("attack_complexity", "")
+            risk_category = conversation.get("risk_category", "")
+            attack_success = conversation.get("attack_success")
+            risk_assessment = conversation.get("risk_assessment", {})
+            
+            result_lines.append(f"Attack Technique: {attack_technique}")
+            result_lines.append(f"Attack Complexity: {attack_complexity}")
+            result_lines.append(f"Risk Category: {risk_category}")
+            result_lines.append("")
+            
+            for i in range(0, len(messages) - 1, 2):
+                if i + 1 < len(messages):
+                    user_msg = messages[i]
+                    assistant_msg = messages[i + 1]
+                    
+                    if user_msg.get("role") == "user" and assistant_msg.get("role") == "assistant":
+                        result_lines.append(f"User: {user_msg.get('content', '')}")
+                        result_lines.append(f"Assistant: {assistant_msg.get('content', '')}")
+                        result_lines.append("")
+            
+            if attack_success is not None:
+                result_lines.append(f"Attack Success: {'Successful' if attack_success else 'Failed'}")
+                result_lines.append("")
+            
+            for category, assessment in risk_assessment.items() if risk_assessment else {}:
+                if assessment and assessment.get("severity_label", None):
+                    result_lines.append(f"Category: {category}")
+                    result_lines.append(f"Severity Level: {assessment.get('severity_label', '')}")
+                    result_lines.append("")
+        
+        return "\n".join(result_lines)

azure/ai/evaluation/_red_team/_utils/__init__.py

@@ -0,0 +1,3 @@
+# ---------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# ---------------------------------------------------------

azure/ai/evaluation/_red_team/_utils/constants.py

@@ -0,0 +1,64 @@
+"""
+Constants used in Red Team Agent.
+"""
+
+import os
+# Update imports to use direct import from azure.ai.evaluation
+from azure.ai.evaluation import ViolenceEvaluator, HateUnfairnessEvaluator, SexualEvaluator, SelfHarmEvaluator
+from .._attack_strategy import AttackStrategy
+from .._attack_objective_generator import RiskCategory
+
+# File extensions
+BASELINE_IDENTIFIER = "baseline"
+DATA_EXT = ".jsonl"
+RESULTS_EXT = ".json"
+
+# Mapping of attack strategies to complexity levels
+
+ATTACK_STRATEGY_COMPLEXITY_MAP = {
+    str(AttackStrategy.Baseline.value): "baseline",
+    str(AttackStrategy.AnsiAttack.value): "easy",
+    str(AttackStrategy.AsciiArt.value): "easy",
+    str(AttackStrategy.AsciiSmuggler.value): "easy",
+    str(AttackStrategy.Atbash.value): "easy",
+    str(AttackStrategy.Base64.value): "easy",
+    str(AttackStrategy.Binary.value): "easy",
+    str(AttackStrategy.Caesar.value): "easy",
+    str(AttackStrategy.CharacterSpace.value): "easy",
+    str(AttackStrategy.CharSwap.value): "easy",
+    str(AttackStrategy.Diacritic.value): "easy",
+    str(AttackStrategy.Flip.value): "easy",
+    str(AttackStrategy.Leetspeak.value): "easy",
+    str(AttackStrategy.Morse.value): "easy",
+    str(AttackStrategy.ROT13.value): "easy",
+    str(AttackStrategy.SuffixAppend.value): "easy",
+    str(AttackStrategy.StringJoin.value): "easy",
+    str(AttackStrategy.UnicodeConfusable.value): "easy",
+    str(AttackStrategy.UnicodeSubstitution.value): "easy",
+    str(AttackStrategy.Url.value): "easy",
+    str(AttackStrategy.EASY.value): "easy", 
+    str(AttackStrategy.Tense.value): "moderate",
+    str(AttackStrategy.MODERATE.value): "moderate",
+    str(AttackStrategy.DIFFICULT.value): "difficult",
+    str(AttackStrategy.Jailbreak.value): "easy"
+}
+
+# Mapping of risk categories to their evaluators
+RISK_CATEGORY_EVALUATOR_MAP = {
+    RiskCategory.Violence: ViolenceEvaluator,
+    RiskCategory.HateUnfairness: HateUnfairnessEvaluator,
+    RiskCategory.Sexual: SexualEvaluator,
+    RiskCategory.SelfHarm: SelfHarmEvaluator
+}
+
+# Task timeouts and status codes
+INTERNAL_TASK_TIMEOUT = 120
+
+# Task status definitions
+TASK_STATUS = {
+    "PENDING": "pending",
+    "RUNNING": "running",
+    "COMPLETED": "completed",
+    "FAILED": "failed",
+    "TIMEOUT": "timeout"
+}

azure/ai/evaluation/_red_team/_utils/formatting_utils.py

@@ -0,0 +1,164 @@
+"""
+Utility functions for formatting, conversion, and processing in Red Team Agent.
+"""
+
+import json
+import pandas as pd
+import math
+from datetime import datetime
+from typing import Dict, List, Union, Any, Optional, cast
+from .._attack_strategy import AttackStrategy
+from .._red_team_result import _RedTeamResult
+from pyrit.models import ChatMessage
+
+
+def message_to_dict(message: ChatMessage) -> Dict[str, str]:
+    """Convert a ChatMessage to dictionary format.
+    
+    :param message: The chat message to convert
+    :type message: ChatMessage
+    :return: Dictionary representation with role and content
+    :rtype: Dict[str, str]
+    """
+    return {
+        "role": message.role,
+        "content": message.content,
+    }
+
+
+def get_strategy_name(attack_strategy: Union[AttackStrategy, List[AttackStrategy]]) -> str:
+    """Get a string name for an attack strategy or list of strategies.
+    
+    :param attack_strategy: The attack strategy or list of strategies
+    :type attack_strategy: Union[AttackStrategy, List[AttackStrategy]]
+    :return: A string name for the strategy
+    :rtype: str
+    """
+    if isinstance(attack_strategy, List):
+        return "_".join([str(strategy.value) for strategy in attack_strategy])
+    else:
+        return str(attack_strategy.value)
+
+
+def get_flattened_attack_strategies(attack_strategies: List[Union[AttackStrategy, List[AttackStrategy]]]) -> List[Union[AttackStrategy, List[AttackStrategy]]]:
+    """Flatten complex attack strategies into individual strategies.
+    
+    :param attack_strategies: List of attack strategies to flatten
+    :type attack_strategies: List[Union[AttackStrategy, List[AttackStrategy]]]
+    :return: Flattened list of attack strategies
+    :rtype: List[Union[AttackStrategy, List[AttackStrategy]]]
+    """
+    flattened_strategies = [] 
+    seen_strategies = set()
+    attack_strategies_temp = attack_strategies.copy()
+    
+    if AttackStrategy.EASY in attack_strategies_temp:
+        attack_strategies_temp.extend(
+            [
+                AttackStrategy.Base64, 
+                AttackStrategy.Flip, 
+                AttackStrategy.Morse
+            ]
+        )
+        attack_strategies_temp.remove(AttackStrategy.EASY)
+    
+    if AttackStrategy.MODERATE in attack_strategies_temp:
+        # TODO: change these before merging.
+        attack_strategies_temp.extend([
+            AttackStrategy.AsciiArt,
+            AttackStrategy.Compose([
+                AttackStrategy.Tense,
+                AttackStrategy.Flip
+            ]),
+        ])
+        attack_strategies_temp.remove(AttackStrategy.MODERATE)
+    if AttackStrategy.DIFFICULT in attack_strategies_temp:
+        # TODO: change these before merging.
+        attack_strategies_temp.extend([
+            AttackStrategy.Compose([
+                AttackStrategy.Tense,
+                AttackStrategy.Morse
+            ]),
+            AttackStrategy.Compose([
+                AttackStrategy.Morse,
+                AttackStrategy.Base64
+            ]),
+        ])
+        attack_strategies_temp.remove(AttackStrategy.DIFFICULT)
+
+    ## Baseline is always included    
+    attack_strategies_temp.append(AttackStrategy.Baseline)
+
+    for strategy in attack_strategies_temp:
+        if isinstance(strategy, List) and tuple(strategy) not in seen_strategies: # For composed strategies
+            flattened_strategies.append([s for s in strategy])
+            seen_strategies.add(tuple(strategy))
+        elif isinstance(strategy, AttackStrategy) and strategy not in seen_strategies: # For single strategies
+            flattened_strategies.append(strategy)
+            seen_strategies.add(strategy)
+    
+    return flattened_strategies
+
+
+def get_attack_success(result: str) -> bool:
+    """
+    Based on EVALUATION_PASS_FAIL_MAPPING, returns True denoting attack success if result matches the value of the EVALUATION_PASS_FAIL_MAPPING key False. 
+    """
+    from .._red_team import EVALUATION_PASS_FAIL_MAPPING
+    return result == EVALUATION_PASS_FAIL_MAPPING.get(False, "true")
+
+
+def format_scorecard(redteam_result: _RedTeamResult) -> str:
+    """Format the _RedTeamResult into a human-readable scorecard.
+    
+    The scorecard presents a summary of attack success rates across different risk categories
+    and attack complexity levels in a tabular format.
+
+    :param redteam_result: The _RedTeamResult object to format
+    :type redteam_result: Dict[str, Any]
+    :return: A formatted scorecard as a string
+    :rtype: str
+    """
+    scorecard = redteam_result["redteaming_scorecard"]
+    overall_asr = scorecard["risk_category_summary"][0]["overall_asr"] if scorecard["risk_category_summary"] else 0
+    
+    output = [f"Overall ASR: {overall_asr}%"]
+    
+    separator = "-" * 108
+    output.append(separator)
+    output.append(f"{'Risk Category':<15}| {'Baseline ASR':<14} | {'Easy-Complexity Attacks ASR':<28} | {'Moderate-Complexity Attacks ASR':<30} | {'Difficult-Complexity Attacks ASR':<30}")
+    output.append(separator)
+    
+    for item in scorecard["joint_risk_attack_summary"]:
+        risk_category = item["risk_category"].replace("_", "-").capitalize()
+        baseline = f"{item['baseline_asr']}%" if 'baseline_asr' in item else "N/A"
+        easy = f"{item['easy_complexity_asr']}%" if 'easy_complexity_asr' in item else "N/A"
+        moderate = f"{item['moderate_complexity_asr']}%" if 'moderate_complexity_asr' in item else "N/A"
+        difficult = f"{item['difficult_complexity_asr']}%" if 'difficult_complexity_asr' in item else "N/A"
+        
+        output.append(f"{risk_category:<15}| {baseline:<14} | {easy:<28} | {moderate:<31} | {difficult:<30}")
+    
+    return "\n".join(output)
+
+
+def is_none_or_nan(value: Any) -> bool:
+    """Check if a value is None or NaN."""
+    if value is None:
+        return True
+    if isinstance(value, float) and math.isnan(value):
+        return True
+    return False
+
+
+def list_mean_nan_safe(data_list: List[Any]) -> float:
+    """Calculate the mean of a list, handling None and NaN values safely.
+    
+    :param data_list: List of values to calculate mean for
+    :type data_list: List[Any]
+    :return: Mean value or 0.0 if list is empty after filtering
+    :rtype: float
+    """
+    filtered_list = [x for x in data_list if not is_none_or_nan(x)]
+    if not filtered_list:
+        return 0.0
+    return sum(filtered_list) / len(filtered_list)

azure/ai/evaluation/_red_team/_utils/logging_utils.py

@@ -0,0 +1,139 @@
+"""
+Logging utilities for Red Team Agent.
+
+This module provides consistent logging configuration and helper functions
+for logging throughout the Red Team Agent.
+"""
+
+import logging
+import os
+from datetime import datetime
+
+
+def setup_logger(logger_name="RedTeamLogger", output_dir=None):
+    """Configure and return a logger instance for the Red Team Agent.
+    
+    Creates two handlers:
+    - File handler: Captures all logs at DEBUG level
+    - Console handler: Shows WARNING and above for better visibility
+    
+    :param logger_name: Name to use for the logger
+    :type logger_name: str
+    :param output_dir: Directory to store log files in. If None, logs are stored in current directory.
+    :type output_dir: Optional[str]
+    :return: The configured logger instance
+    :rtype: logging.Logger
+    """
+    # Format matches what's expected in test_setup_logger
+    log_filename = "redteam.log"
+    
+    # If output directory is specified, create path with that directory
+    if output_dir:
+        os.makedirs(output_dir, exist_ok=True)
+        log_filepath = os.path.join(output_dir, log_filename)
+    else:
+        log_filepath = log_filename
+    
+    logger = logging.getLogger(logger_name)
+    logger.setLevel(logging.DEBUG)
+    
+    # Clear any existing handlers (in case logger was already configured)
+    if logger.handlers:
+        for handler in logger.handlers:
+            logger.removeHandler(handler)
+            
+    # File handler - captures all logs at DEBUG level with detailed formatting
+    file_handler = logging.FileHandler(log_filepath)
+    file_handler.setLevel(logging.DEBUG)
+    file_formatter = logging.Formatter('%(asctime)s - %(levelname)s - %(name)s - %(message)s')
+    file_handler.setFormatter(file_formatter)
+    logger.addHandler(file_handler)
+    
+    # Console handler - shows only WARNING and above to reduce output but keep important messages
+    console_handler = logging.StreamHandler()
+    console_handler.setLevel(logging.WARNING)
+    console_formatter = logging.Formatter('%(levelname)s: %(message)s')
+    console_handler.setFormatter(console_formatter)
+    logger.addHandler(console_handler)
+    
+    # Don't propagate to root logger to avoid duplicate logs
+    logger.propagate = False
+    
+    return logger
+
+
+def log_section_header(logger, section_title):
+    """Log a section header to improve log readability.
+    
+    :param logger: The logger instance
+    :type logger: logging.Logger
+    :param section_title: The title of the section
+    :type section_title: str
+    """
+    logger.debug("=" * 80)
+    logger.debug(section_title.upper())
+    logger.debug("=" * 80)
+
+
+def log_subsection_header(logger, section_title):
+    """Log a subsection header to improve log readability.
+    
+    :param logger: The logger instance
+    :type logger: logging.Logger
+    :param section_title: The title of the subsection
+    :type section_title: str
+    """
+    logger.debug("-" * 60)
+    logger.debug(section_title)
+    logger.debug("-" * 60)
+
+
+def log_strategy_start(logger, strategy_name, risk_category):
+    """Log the start of a strategy processing.
+    
+    :param logger: The logger instance
+    :type logger: logging.Logger
+    :param strategy_name: The name of the strategy
+    :type strategy_name: str
+    :param risk_category: The risk category being processed
+    :type risk_category: str
+    """
+    logger.info(f"Starting processing of {strategy_name} strategy for {risk_category} risk category")
+
+
+def log_strategy_completion(logger, strategy_name, risk_category, elapsed_time=None):
+    """Log the completion of a strategy processing.
+    
+    :param logger: The logger instance
+    :type logger: logging.Logger
+    :param strategy_name: The name of the strategy
+    :type strategy_name: str
+    :param risk_category: The risk category being processed
+    :type risk_category: str
+    :param elapsed_time: The time taken to process, if available
+    :type elapsed_time: float
+    """
+    if elapsed_time:
+        logger.info(f"Completed {strategy_name} strategy for {risk_category} risk category in {elapsed_time:.2f}s")
+    else:
+        logger.info(f"Completed {strategy_name} strategy for {risk_category} risk category")
+
+
+def log_error(logger, message, exception=None, context=None):
+    """Log an error with additional context if available.
+    
+    :param logger: The logger instance
+    :type logger: logging.Logger
+    :param message: The error message
+    :type message: str
+    :param exception: The exception that was raised, if any
+    :type exception: Exception
+    :param context: Additional context about where the error occurred
+    :type context: str
+    """
+    error_msg = message
+    if context:
+        error_msg = f"[{context}] {error_msg}"
+    if exception:
+        error_msg = f"{error_msg}: {str(exception)}"
+    logger.error(error_msg)