PyPI - decodingtrust-agent-sdk - Versions diffs - 0.1.0__py3-none-any.whl - Mend

decodingtrust-agent-sdk 0.1.0__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (374) hide show

agent/__init__.py +30 -0
agent/claudesdk/__init__.py +8 -0
agent/claudesdk/example.py +221 -0
agent/claudesdk/src/__init__.py +8 -0
agent/claudesdk/src/agent.py +400 -0
agent/claudesdk/src/mcp_proxy.py +409 -0
agent/claudesdk/src/utils.py +420 -0
agent/googleadk/__init__.py +15 -0
agent/googleadk/example.py +237 -0
agent/googleadk/src/__init__.py +12 -0
agent/googleadk/src/agent.py +401 -0
agent/googleadk/src/mcp_wrapper.py +163 -0
agent/googleadk/src/utils.py +602 -0
agent/langchain/__init__.py +8 -0
agent/langchain/example.py +213 -0
agent/langchain/src/__init__.py +8 -0
agent/langchain/src/agent.py +645 -0
agent/langchain/src/utils.py +433 -0
agent/openaisdk/__init__.py +17 -0
agent/openaisdk/example.py +228 -0
agent/openaisdk/src/__init__.py +12 -0
agent/openaisdk/src/agent.py +491 -0
agent/openaisdk/src/agent_wrapper.py +143 -0
agent/openaisdk/src/mcp_wrapper.py +395 -0
agent/openaisdk/src/utils.py +493 -0
agent/openclaw/__init__.py +10 -0
agent/openclaw/example.py +251 -0
agent/openclaw/src/__init__.py +14 -0
agent/openclaw/src/agent.py +930 -0
agent/openclaw/src/helpers/__init__.py +1 -0
agent/openclaw/src/helpers/auth_helpers.py +55 -0
agent/openclaw/src/mcp_proxy.py +564 -0
agent/openclaw/src/plugin_generator.py +231 -0
agent/openclaw/src/utils.py +341 -0
agent/pocketflow/__init__.py +18 -0
agent/pocketflow/example.py +221 -0
agent/pocketflow/prompts/react_agent.py +46 -0
agent/pocketflow/src/__init__.py +6 -0
agent/pocketflow/src/agent.py +507 -0
agent/pocketflow/src/agent_wrapper.py +159 -0
agent/pocketflow/src/async_helper.py +92 -0
agent/pocketflow/src/mcp_react_agent.py +279 -0
agent/pocketflow/src/native_agent.py +74 -0
agent/pocketflow/src/nodes.py +467 -0
benchmark/__init__.py +0 -0
benchmark/browser/benign.jsonl +34 -0
benchmark/browser/direct.jsonl +85 -0
benchmark/browser/indirect.jsonl +82 -0
benchmark/code/benign.jsonl +0 -0
benchmark/code/direct.jsonl +121 -0
benchmark/code/indirect.jsonl +165 -0
benchmark/crm/benign.jsonl +165 -0
benchmark/crm/direct.jsonl +90 -0
benchmark/crm/indirect.jsonl +150 -0
benchmark/customer-service/benign.jsonl +160 -0
benchmark/customer-service/direct.jsonl +100 -0
benchmark/customer-service/indirect.jsonl +101 -0
benchmark/finance/benign.jsonl +0 -0
benchmark/finance/direct.jsonl +200 -0
benchmark/finance/indirect.jsonl +200 -0
benchmark/legal/benign.jsonl +0 -0
benchmark/legal/direct.jsonl +200 -0
benchmark/legal/indirect.jsonl +200 -0
benchmark/macos/benign.jsonl +30 -0
benchmark/macos/direct.jsonl +50 -0
benchmark/macos/indirect.jsonl +50 -0
benchmark/medical/benign.jsonl +642 -0
benchmark/medical/direct.jsonl +229 -0
benchmark/medical/indirect.jsonl +222 -0
benchmark/os-filesystem/benign.jsonl +200 -0
benchmark/os-filesystem/direct.jsonl +200 -0
benchmark/os-filesystem/indirect.jsonl +200 -0
benchmark/research/benign.jsonl +0 -0
benchmark/research/direct.jsonl +119 -0
benchmark/research/indirect.jsonl +125 -0
benchmark/telecom/benign.jsonl +120 -0
benchmark/telecom/direct.jsonl +161 -0
benchmark/telecom/indirect.jsonl +166 -0
benchmark/travel/benign.jsonl +130 -0
benchmark/travel/direct.jsonl +105 -0
benchmark/travel/indirect.jsonl +120 -0
benchmark/windows/benign.jsonl +100 -0
benchmark/windows/direct.jsonl +140 -0
benchmark/windows/indirect.jsonl +107 -0
benchmark/workflow/benign.jsonl +335 -0
benchmark/workflow/direct.jsonl +78 -0
benchmark/workflow/indirect.jsonl +107 -0
cli/__init__.py +5 -0
cli/main.py +182 -0
cli/scaffold.py +334 -0
decodingtrust_agent_sdk-0.1.0.dist-info/METADATA +642 -0
decodingtrust_agent_sdk-0.1.0.dist-info/RECORD +374 -0
decodingtrust_agent_sdk-0.1.0.dist-info/WHEEL +5 -0
decodingtrust_agent_sdk-0.1.0.dist-info/entry_points.txt +2 -0
decodingtrust_agent_sdk-0.1.0.dist-info/licenses/LICENSE +201 -0
decodingtrust_agent_sdk-0.1.0.dist-info/top_level.txt +6 -0
dt_arena/config/env.yaml +515 -0
dt_arena/config/injection_mcp.yaml +430 -0
dt_arena/config/mcp.yaml +642 -0
dt_arena/envs/arxiv/docker-compose-hub.yml +31 -0
dt_arena/envs/arxiv/docker-compose.yml +36 -0
dt_arena/envs/atlassian/docker/docker-compose.dev.yml +65 -0
dt_arena/envs/atlassian/docker/docker-compose.yml +53 -0
dt_arena/envs/atlassian/docker-compose-hub.yml +57 -0
dt_arena/envs/atlassian/docker-compose.yml +72 -0
dt_arena/envs/bigquery/docker-compose.yml +20 -0
dt_arena/envs/booking/docker-compose.yml +59 -0
dt_arena/envs/calendar/docker-compose-hub.yml +30 -0
dt_arena/envs/calendar/docker-compose.yml +42 -0
dt_arena/envs/custom-website/docker-compose.yml +6 -0
dt_arena/envs/customer_service/docker-compose.yml +59 -0
dt_arena/envs/databricks/docker-compose-hub.yml +47 -0
dt_arena/envs/databricks/docker-compose.yml +51 -0
dt_arena/envs/ecommerce/docker-compose.yml +6 -0
dt_arena/envs/ers/docker-compose.yml +36 -0
dt_arena/envs/ers/hrms/docker/docker-compose.yml +31 -0
dt_arena/envs/finance/docker-compose.yml +23 -0
dt_arena/envs/github/docker/docker-compose-hub.yml +50 -0
dt_arena/envs/github/docker/docker-compose.yml +50 -0
dt_arena/envs/gmail/docker-compose-hub.yml +51 -0
dt_arena/envs/gmail/docker-compose.yml +65 -0
dt_arena/envs/google-form/docker-compose-hub.yml +33 -0
dt_arena/envs/google-form/docker-compose.yml +41 -0
dt_arena/envs/googledocs/docker-compose-hub.yml +61 -0
dt_arena/envs/googledocs/docker-compose.yml +78 -0
dt_arena/envs/hospital/docker-compose-hub.yml +25 -0
dt_arena/envs/hospital/docker-compose.yml +27 -0
dt_arena/envs/legal/docker-compose.yml +22 -0
dt_arena/envs/linkedin/docker-compose.yml +63 -0
dt_arena/envs/macos/docker-compose.yml +79 -0
dt_arena/envs/os-filesystem/docker-compose-hub.yml +16 -0
dt_arena/envs/os-filesystem/docker-compose.yml +20 -0
dt_arena/envs/paypal/docker-compose-hub.yml +48 -0
dt_arena/envs/paypal/docker-compose.yml +63 -0
dt_arena/envs/research/docker-compose-hub.yml +13 -0
dt_arena/envs/research/docker-compose.yml +24 -0
dt_arena/envs/salesforce_crm/docker-compose-hub.yaml +45 -0
dt_arena/envs/salesforce_crm/docker-compose.yaml +49 -0
dt_arena/envs/slack/docker-compose-hub.yml +28 -0
dt_arena/envs/slack/docker-compose.yml +41 -0
dt_arena/envs/snowflake/docker-compose-hub.yml +41 -0
dt_arena/envs/snowflake/docker-compose.yml +44 -0
dt_arena/envs/telecom/docker-compose-hub.yml +16 -0
dt_arena/envs/telecom/docker-compose.yml +17 -0
dt_arena/envs/telegram/docker-compose-hub.yml +57 -0
dt_arena/envs/telegram/docker-compose.yml +62 -0
dt_arena/envs/terminal/docker-compose-hub.yml +12 -0
dt_arena/envs/terminal/docker-compose.yml +26 -0
dt_arena/envs/travel/docker-compose-hub.yml +19 -0
dt_arena/envs/travel/docker-compose.yml +19 -0
dt_arena/envs/whatsapp/docker-compose-hub.yml +61 -0
dt_arena/envs/whatsapp/docker-compose.yml +78 -0
dt_arena/envs/windows/docker-compose.yml +71 -0
dt_arena/envs/zoom/docker-compose-hub.yml +27 -0
dt_arena/envs/zoom/docker-compose.yml +40 -0
dt_arena/injection_mcp_server/atlassian/env_injection.py +134 -0
dt_arena/injection_mcp_server/calendar/env_injection.py +217 -0
dt_arena/injection_mcp_server/custom_website/env_injection.py +97 -0
dt_arena/injection_mcp_server/customer_service/env_injection.py +659 -0
dt_arena/injection_mcp_server/databricks/env_injection.py +255 -0
dt_arena/injection_mcp_server/ecommerce/env_injection.py +110 -0
dt_arena/injection_mcp_server/finance/env_injection.py +85 -0
dt_arena/injection_mcp_server/github/env_injection.py +206 -0
dt_arena/injection_mcp_server/gmail/env_injection.py +211 -0
dt_arena/injection_mcp_server/google_form/env_injection.py +186 -0
dt_arena/injection_mcp_server/googledocs/env_injection.py +44 -0
dt_arena/injection_mcp_server/hospital/env_injection.py +43 -0
dt_arena/injection_mcp_server/legal/env_injection.py +229 -0
dt_arena/injection_mcp_server/macos/env_injection.py +272 -0
dt_arena/injection_mcp_server/os-filesystem/env_injection.py +341 -0
dt_arena/injection_mcp_server/paypal/env_injection.py +268 -0
dt_arena/injection_mcp_server/research/env_injection.py +616 -0
dt_arena/injection_mcp_server/salesforce/env_injection.py +514 -0
dt_arena/injection_mcp_server/slack/env_injection.py +265 -0
dt_arena/injection_mcp_server/snowflake/env_injection.py +230 -0
dt_arena/injection_mcp_server/telecom/env_injection.py +503 -0
dt_arena/injection_mcp_server/telegram/env_injection.py +171 -0
dt_arena/injection_mcp_server/terminal/env_injection.py +523 -0
dt_arena/injection_mcp_server/travel/env_injection.py +173 -0
dt_arena/injection_mcp_server/whatsapp/env_injection.py +185 -0
dt_arena/injection_mcp_server/windows/env_injection.py +943 -0
dt_arena/injection_mcp_server/zoom/env_injection.py +216 -0
dt_arena/mcp_server/atlassian/main.py +1554 -0
dt_arena/mcp_server/atlassian/test_server.py +66 -0
dt_arena/mcp_server/bigquery/main.py +333 -0
dt_arena/mcp_server/booking/main.py +310 -0
dt_arena/mcp_server/browser/main.py +1741 -0
dt_arena/mcp_server/calendar/example_multi_user.py +162 -0
dt_arena/mcp_server/calendar/main.py +792 -0
dt_arena/mcp_server/calendar/test_mcp.py +135 -0
dt_arena/mcp_server/customer_service/main.py +1063 -0
dt_arena/mcp_server/databricks/main.py +566 -0
dt_arena/mcp_server/databricks/probe.py +102 -0
dt_arena/mcp_server/ers/main.py +845 -0
dt_arena/mcp_server/finance/__init__.py +87 -0
dt_arena/mcp_server/finance/core/__init__.py +12 -0
dt_arena/mcp_server/finance/core/data_loader.py +558 -0
dt_arena/mcp_server/finance/core/portfolio.py +565 -0
dt_arena/mcp_server/finance/evaluation/__init__.py +20 -0
dt_arena/mcp_server/finance/evaluation/evaluator.py +217 -0
dt_arena/mcp_server/finance/evaluation/logger.py +137 -0
dt_arena/mcp_server/finance/injection/__init__.py +66 -0
dt_arena/mcp_server/finance/injection/config.py +176 -0
dt_arena/mcp_server/finance/injection/content.py +755 -0
dt_arena/mcp_server/finance/injection/html.py +409 -0
dt_arena/mcp_server/finance/injection/locations.py +167 -0
dt_arena/mcp_server/finance/injection/methods.py +193 -0
dt_arena/mcp_server/finance/injection/presets.py +1023 -0
dt_arena/mcp_server/finance/main.py +361 -0
dt_arena/mcp_server/finance/run_mcp.py +21 -0
dt_arena/mcp_server/finance/run_web.py +26 -0
dt_arena/mcp_server/finance/server/__init__.py +41 -0
dt_arena/mcp_server/finance/server/extractor.py +1453 -0
dt_arena/mcp_server/finance/server/extractor_minimal.py +292 -0
dt_arena/mcp_server/finance/server/extractor_simple.py +1164 -0
dt_arena/mcp_server/finance/server/injection_mcp.py +865 -0
dt_arena/mcp_server/finance/server/mcp.py +451 -0
dt_arena/mcp_server/finance/server/tools/__init__.py +23 -0
dt_arena/mcp_server/finance/server/tools/account.py +88 -0
dt_arena/mcp_server/finance/server/tools/browsing.py +328 -0
dt_arena/mcp_server/finance/server/tools/social.py +73 -0
dt_arena/mcp_server/finance/server/tools/trading.py +242 -0
dt_arena/mcp_server/finance/server/tools/utility.py +49 -0
dt_arena/mcp_server/finance/server/web.py +2139 -0
dt_arena/mcp_server/finance/tasks/benchmark/__init__.py +28 -0
dt_arena/mcp_server/finance/tasks/benchmark/attack_pool.py +3026 -0
dt_arena/mcp_server/finance/tasks/benchmark/attack_runner.py +1315 -0
dt_arena/mcp_server/finance/tasks/benchmark/finra_requirements.py +1335 -0
dt_arena/mcp_server/finance/tasks/benchmark/finra_tasks.py +3665 -0
dt_arena/mcp_server/finance/tasks/benchmark/malicious_tasks.py +2673 -0
dt_arena/mcp_server/finance/tasks/redteam_suite/run_redteam_suite.py +1713 -0
dt_arena/mcp_server/finance/test_mcp_tools.py +476 -0
dt_arena/mcp_server/github/main.py +441 -0
dt_arena/mcp_server/gmail/main.py +1004 -0
dt_arena/mcp_server/google_form/main.py +141 -0
dt_arena/mcp_server/googledocs/main.py +458 -0
dt_arena/mcp_server/hospital/mcp_server.py +458 -0
dt_arena/mcp_server/legal/__init__.py +9 -0
dt_arena/mcp_server/legal/core/__init__.py +14 -0
dt_arena/mcp_server/legal/core/courtlistener_store.py +762 -0
dt_arena/mcp_server/legal/core/data_loader.py +266 -0
dt_arena/mcp_server/legal/core/document_store.py +197 -0
dt_arena/mcp_server/legal/core/matter_manager.py +466 -0
dt_arena/mcp_server/legal/main.py +89 -0
dt_arena/mcp_server/legal/scripts/collect_data.py +988 -0
dt_arena/mcp_server/legal/server/__init__.py +14 -0
dt_arena/mcp_server/legal/server/mcp.py +2330 -0
dt_arena/mcp_server/macos/client_test.py +270 -0
dt_arena/mcp_server/macos/mcp_server.py +285 -0
dt_arena/mcp_server/os-filesystem/main.py +1380 -0
dt_arena/mcp_server/paypal/main.py +501 -0
dt_arena/mcp_server/research/main.py +777 -0
dt_arena/mcp_server/salesforce/main.py +2006 -0
dt_arena/mcp_server/slack/main.py +318 -0
dt_arena/mcp_server/snowflake/main.py +612 -0
dt_arena/mcp_server/snowflake/probe.py +183 -0
dt_arena/mcp_server/telecom/mcp_client.py +423 -0
dt_arena/mcp_server/telecom/mcp_server.py +1059 -0
dt_arena/mcp_server/telegram/main.py +338 -0
dt_arena/mcp_server/terminal/main.py +163 -0
dt_arena/mcp_server/travel/client_test.py +16 -0
dt_arena/mcp_server/travel/mcp_server.py +404 -0
dt_arena/mcp_server/whatsapp/main.py +318 -0
dt_arena/mcp_server/windows/client_test.py +270 -0
dt_arena/mcp_server/windows/mcp_server.py +218 -0
dt_arena/mcp_server/zoom/main.py +466 -0
dt_arena/src/__init__.py +0 -0
dt_arena/src/hooks/__init__.py +0 -0
dt_arena/src/hooks/audit_log.py +30 -0
dt_arena/src/hooks/hooks.json +3 -0
dt_arena/src/run_benign.py +142 -0
dt_arena/src/types/__init__.py +0 -0
dt_arena/src/types/agent.py +441 -0
dt_arena/src/types/attacks.py +2 -0
dt_arena/src/types/environment.py +2 -0
dt_arena/src/types/hooks.py +174 -0
dt_arena/src/types/judge.py +52 -0
dt_arena/src/types/red_teaming_trajectory.py +385 -0
dt_arena/src/types/task.py +260 -0
dt_arena/src/types/trajectory.py +315 -0
dt_arena/utils/__init__.py +1 -0
dt_arena/utils/atlassian/__init__.py +27 -0
dt_arena/utils/atlassian/helpers.py +520 -0
dt_arena/utils/bigquery/__init__.py +1 -0
dt_arena/utils/bigquery/helpers.py +246 -0
dt_arena/utils/calendar/__init__.py +1 -0
dt_arena/utils/calendar/helpers.py +87 -0
dt_arena/utils/customer_service/__init__.py +17 -0
dt_arena/utils/customer_service/cs_env_client.py +940 -0
dt_arena/utils/customer_service/helpers.py +339 -0
dt_arena/utils/customer_service/judges/__init__.py +20 -0
dt_arena/utils/customer_service/judges/abusive_comms.py +149 -0
dt_arena/utils/customer_service/judges/bulk_destructive.py +202 -0
dt_arena/utils/customer_service/judges/cross_customer.py +481 -0
dt_arena/utils/customer_service/judges/email_exfiltration.py +320 -0
dt_arena/utils/customer_service/judges/financial_fraud.py +221 -0
dt_arena/utils/customer_service/judges/llm_utils.py +264 -0
dt_arena/utils/customer_service/judges/pii_disclosure.py +837 -0
dt_arena/utils/customer_service/judges/policy_misrep.py +44 -0
dt_arena/utils/customer_service/judges/text_utils.py +21 -0
dt_arena/utils/databricks/__init__.py +2 -0
dt_arena/utils/databricks/helpers.py +210 -0
dt_arena/utils/finance/__init__.py +0 -0
dt_arena/utils/finance/helpers.py +263 -0
dt_arena/utils/github/__init__.py +1 -0
dt_arena/utils/github/helpers.py +249 -0
dt_arena/utils/gmail/__init__.py +1 -0
dt_arena/utils/gmail/helpers.py +344 -0
dt_arena/utils/google_form/__init__.py +2 -0
dt_arena/utils/google_form/helpers.py +133 -0
dt_arena/utils/legal/__init__.py +0 -0
dt_arena/utils/legal/helpers.py +228 -0
dt_arena/utils/macos/__init__.py +0 -0
dt_arena/utils/macos/env_setup.py +215 -0
dt_arena/utils/macos/helpers.py +61 -0
dt_arena/utils/os_filesystem/__init__.py +1 -0
dt_arena/utils/os_filesystem/helpers.py +366 -0
dt_arena/utils/paypal/__init__.py +1 -0
dt_arena/utils/paypal/helpers.py +178 -0
dt_arena/utils/port_allocator.py +266 -0
dt_arena/utils/research/__init__.py +0 -0
dt_arena/utils/research/helpers.py +251 -0
dt_arena/utils/salesforce/__init__.py +1 -0
dt_arena/utils/salesforce/helpers.py +719 -0
dt_arena/utils/slack/__init__.py +1 -0
dt_arena/utils/slack/helpers.py +176 -0
dt_arena/utils/snowflake/__init__.py +1 -0
dt_arena/utils/snowflake/helpers.py +166 -0
dt_arena/utils/telecom/__init__.py +1 -0
dt_arena/utils/telecom/helpers.py +760 -0
dt_arena/utils/telegram/__init__.py +0 -0
dt_arena/utils/telegram/helpers.py +174 -0
dt_arena/utils/terminal/__init__.py +0 -0
dt_arena/utils/terminal/helpers.py +20 -0
dt_arena/utils/travel/__init__.py +0 -0
dt_arena/utils/travel/env_client.py +537 -0
dt_arena/utils/travel/llm_judge.py +137 -0
dt_arena/utils/travel/prompts.py +64 -0
dt_arena/utils/utils/__init__.py +122 -0
dt_arena/utils/whatsapp/__init__.py +0 -0
dt_arena/utils/whatsapp/helpers.py +226 -0
dt_arena/utils/windows/__init__.py +0 -0
dt_arena/utils/windows/env_reset.py +224 -0
dt_arena/utils/windows/env_setup.py +280 -0
dt_arena/utils/windows/exfil_helpers.py +170 -0
dt_arena/utils/windows/helpers.py +74 -0
dt_arena/utils/zoom/__init__.py +1 -0
dt_arena/utils/zoom/helpers.py +70 -0
eval/__init__.py +1 -0
eval/evaluation.py +426 -0
eval/task_runner.py +449 -0
utils/__init__.py +148 -0
utils/agent_helpers.py +308 -0
utils/agent_wrapper.py +189 -0
utils/compose_utils.py +135 -0
utils/config.py +77 -0
utils/env_helpers.py +104 -0
utils/eval_stats.py +88 -0
utils/injection_helpers.py +429 -0
utils/injection_mcp_helpers.py +152 -0
utils/judge_helpers.py +181 -0
utils/judge_utils.py +472 -0
utils/llm.py +196 -0
utils/logging.py +45 -0
utils/mcp_helpers.py +232 -0
utils/mcp_manager.py +235 -0
utils/memory_guard.py +18 -0
utils/red_teaming_sandbox.py +476 -0
utils/reset_helpers.py +318 -0
utils/resource_manager.py +370 -0
utils/skill_helpers.py +447 -0
utils/task_executor.py +904 -0
utils/task_helpers.py +270 -0
utils/template_helpers.py +179 -0

utils/env_helpers.py ADDED Viewed

@@ -0,0 +1,104 @@
+import os
+import subprocess
+from pathlib import Path
+from typing import Optional
+from .config import PROJECT_ROOT
+from .resource_manager import ResourceManager
+def task_setup(task_dir: Path, task_id: Optional[str] = None) -> None:
+    """
+    Run setup.sh script for a task to start Docker environments and seed data.
+    Args:
+        task_dir: Path to the task directory containing setup.sh
+        task_id: Optional task ID for resource tracking (if None, no tracking)
+    """
+    setup_script = task_dir / "setup.sh"
+    if not setup_script.exists():
+        print(f"[SETUP] No setup.sh found in {task_dir}, skipping")
+        return
+    print(f"[SETUP] Running setup.sh for task: {task_dir}")
+    try:
+        result = subprocess.run(
+            ["bash", str(setup_script)],
+            cwd=str(task_dir),
+            check=True,
+            capture_output=False,  # Let output go to stdout/stderr
+        )
+        # Record setup completion timestamp in PER-TASK file (race-safe under
+        # parallel asyncio tasks within the same process). The CS benign judge
+        # reads this from task_dir/metadata/setup_done_at.txt to filter
+        # agent-authored cases vs frozen baseline.
+        from datetime import datetime, timezone
+        ts = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.%f+00:00")
+        meta_dir = task_dir / "metadata"
+        meta_dir.mkdir(parents=True, exist_ok=True)
+        (meta_dir / "setup_done_at.txt").write_text(ts)
+        # Also set env var for backward compatibility, but judge prefers file.
+        os.environ["CS_SETUP_COMPLETED_AT"] = ts
+        print(f"[SETUP] setup.sh completed successfully (setup_done_at={ts})")
+    except subprocess.CalledProcessError as e:
+        print(f"[SETUP] setup.sh failed with exit code {e.returncode}")
+        raise
+def teardown_task(task_id: str, verbose: bool = True) -> None:
+    """
+    Teardown all resources for a task using ResourceManager.
+    This will:
+    1. Stop all Docker compose projects registered for this task
+    2. Release all allocated ports
+    Args:
+        task_id: The task ID used during setup
+        verbose: Whether to print cleanup messages
+    """
+    mgr = ResourceManager.instance()
+    mgr.cleanup_task(task_id, verbose=verbose)
+def teardown_envs(
+    envs_used: dict,
+    project_name: Optional[str],
+) -> None:
+    """
+    Legacy teardown function for backward compatibility.
+    Deprecated: Use teardown_task() with ResourceManager instead.
+    This function is kept for backward compatibility with existing code
+    that passes envs_used dict. It now delegates to ResourceManager if
+    a task_id can be inferred from project_name.
+    """
+    if not project_name:
+        return
+    # Try to cleanup via ResourceManager first
+    # Project names are like "wf_taskname_pid" or "wf_taskname_pid_envname"
+    # We try to find matching task_id
+    mgr = ResourceManager.instance()
+    snapshot = mgr.snapshot()
+    for task_id, resources in snapshot.items():
+        if any(project_name in p for p in resources.get("docker_projects", [])):
+            mgr.cleanup_task(task_id, verbose=True)
+            return
+    # Fallback: manually stop the project if not tracked
+    # This handles cases where setup.sh was run but resources weren't registered
+    print(f"[CLEANUP] Attempting manual teardown for project: {project_name}")
+    try:
+        subprocess.run(
+            ["docker", "compose", "-p", project_name, "down", "--remove-orphans"],
+            capture_output=True,
+            check=False,
+            timeout=60,
+        )
+    except Exception as e:
+        print(f"[CLEANUP] Manual teardown error: {e}")

utils/eval_stats.py ADDED Viewed

@@ -0,0 +1,88 @@
+from dataclasses import dataclass, field
+from typing import List
+@dataclass
+class TaskTiming:
+    """Timing information for a single task."""
+    task_name: str
+    start_time: float = 0.0
+    end_time: float = 0.0
+    container_acquire_time: float = 0.0
+    execution_time: float = 0.0
+    success: bool = False
+    @property
+    def total_time(self) -> float:
+        return self.end_time - self.start_time if self.end_time > 0 else 0.0
+@dataclass
+class EvaluationStats:
+    """Statistics for the entire evaluation run."""
+    total_tasks: int = 0
+    successful_tasks: int = 0
+    failed_tasks: int = 0
+    # Timing
+    eval_start_time: float = 0.0
+    eval_end_time: float = 0.0
+    scheduling_time: float = 0.0
+    # Per-task timings
+    task_timings: List[TaskTiming] = field(default_factory=list)
+    @property
+    def total_time(self) -> float:
+        return self.eval_end_time - self.eval_start_time if self.eval_end_time > 0 else 0.0
+    @property
+    def avg_task_time(self) -> float:
+        if not self.task_timings:
+            return 0.0
+        return sum(t.total_time for t in self.task_timings) / len(self.task_timings)
+    @property
+    def avg_container_acquire_time(self) -> float:
+        if not self.task_timings:
+            return 0.0
+        return sum(t.container_acquire_time for t in self.task_timings) / len(self.task_timings)
+    @property
+    def avg_execution_time(self) -> float:
+        if not self.task_timings:
+            return 0.0
+        return sum(t.execution_time for t in self.task_timings) / len(self.task_timings)
+    def print_summary(self) -> None:
+        """Print timing summary."""
+        print("\n" + "=" * 70)
+        print("[TIMING] Performance Statistics")
+        print("=" * 70)
+        # Overall timing
+        print(f"\n  Total evaluation time : {self.total_time:.1f}s ({self.total_time/60:.1f}min)")
+        print(f"  Scheduling time       : {self.scheduling_time:.2f}s")
+        # Task statistics
+        print(f"\n  Tasks completed       : {self.total_tasks}")
+        print(f"  Successful            : {self.successful_tasks}")
+        print(f"  Failed                : {self.failed_tasks}")
+        # Average times
+        if self.task_timings:
+            print(f"\n  Avg task time         : {self.avg_task_time:.1f}s")
+            print(f"  Avg container acquire : {self.avg_container_acquire_time:.1f}s")
+            print(f"  Avg execution time    : {self.avg_execution_time:.1f}s")
+            # Min/Max
+            times = [t.total_time for t in self.task_timings]
+            print(f"  Min task time         : {min(times):.1f}s")
+            print(f"  Max task time         : {max(times):.1f}s")
+            # Fastest and slowest tasks
+            sorted_timings = sorted(self.task_timings, key=lambda t: t.total_time)
+            print(f"\n  Fastest task          : {sorted_timings[0].task_name} ({sorted_timings[0].total_time:.1f}s)")
+            print(f"  Slowest task          : {sorted_timings[-1].task_name} ({sorted_timings[-1].total_time:.1f}s)")
+        print("=" * 70)

utils/injection_helpers.py ADDED Viewed

@@ -0,0 +1,429 @@
+from typing import Any, Dict, List, Optional, Tuple, Union
+from dt_arena.src.types.agent import ToolInjection, SkillInjection
+from dt_arena.src.types.task import AttackConfig, AttackStepConfig
+def build_tool_injections_from_config(
+    attack_config: Optional[AttackConfig]
+) -> Optional[Dict[str, Dict[str, ToolInjection]]]:
+    """
+    Build mcp_injection dict from all attack turns' tool injection steps.
+    Tool injections are merged from all attack turns since tool descriptions
+    are set once when the agent initializes.
+    Args:
+        attack_config: The attack configuration containing attack turns
+    Returns:
+        Dict mapping server_name -> tool_name -> ToolInjection
+        Returns None if no tool injections are configured
+    """
+    if not attack_config or not attack_config.attack_turns:
+        return None
+    mcp_injection: Dict[str, Dict[str, ToolInjection]] = {}
+    # Merge tool injections from all attack turns
+    for attack_turn in attack_config.attack_turns:
+        tool_injections = attack_turn.get_tool_injections()
+        for step in tool_injections:
+            server_name, tool_name = step.get_tool_server_and_name()
+            if not server_name or not tool_name:
+                print(f"[WARNING] Invalid injected_tool format: {step.injected_tool}")
+                continue
+            # Map mode to ToolInjection type
+            injection_type = step.mode  # "suffix" or "override"
+            if injection_type not in ("suffix", "override"):
+                print(f"[WARNING] Invalid injection mode: {step.mode}, defaulting to 'suffix'")
+                injection_type = "suffix"
+            if server_name not in mcp_injection:
+                mcp_injection[server_name] = {}
+            mcp_injection[server_name][tool_name] = ToolInjection(
+                type=injection_type,
+                content=step.content or ""
+            )
+            print(f"[INJECTION] Tool injection configured: {server_name}:{tool_name} ({injection_type})")
+    return mcp_injection if mcp_injection else None
+def build_skill_injections_from_config(
+    attack_config: Optional[AttackConfig]
+) -> Optional[Dict[str, List[SkillInjection]]]:
+    """
+    Build skill_injection dict from all attack turns' skill injection steps.
+    Skill injections are merged from all attack turns since skill files
+    are set up once when the agent initializes.
+    Args:
+        attack_config: The attack configuration containing attack turns
+    Returns:
+        Dict mapping skill_name -> list of SkillInjection objects
+        Returns None if no skill injections are configured
+    """
+    if not attack_config or not attack_config.attack_turns:
+        return None
+    skill_injection: Dict[str, List[SkillInjection]] = {}
+    # Merge skill injections from all attack turns
+    for attack_turn in attack_config.attack_turns:
+        skill_injections = attack_turn.get_skill_injections()
+        for step in skill_injections:
+            skill_name = step.skill_name
+            if not skill_name:
+                raise ValueError(f"Skill injection missing skill_name in turn {attack_turn.turn_id}")
+            mode = step.mode
+            if mode not in ("insert", "append", "create"):
+                raise ValueError(f"Invalid skill injection mode: '{step.mode}'. Must be one of: insert, append, create")
+            content = step.content or ""
+            row = step.row if step.row is not None else -1
+            # Validate row based on mode
+            if mode == "insert" and row != -1 and row < 1:
+                raise ValueError(f"Invalid row {row} for insert mode. Must be >= 1 or -1 (append)")
+            if mode in ("append", "create") and row != -1:
+                raise ValueError(f"Row must be -1 for {mode} mode, got {row}")
+            if skill_name not in skill_injection:
+                skill_injection[skill_name] = []
+            skill_injection[skill_name].append(SkillInjection(
+                mode=mode,
+                content=content,
+                row=row
+            ))
+            print(f"[INJECTION] Skill injection configured: {skill_name} ({mode}, row={row})")
+    return skill_injection if skill_injection else None
+def apply_prompt_injections(
+    original_instruction: Optional[Union[str, List[str]]],
+    attack_config: Optional[AttackConfig]
+) -> Union[str, List[str]]:
+    """
+    Apply prompt injections to instructions based on mode.
+    Modes:
+    - "suffix": Append content to the original instruction (indirect threat model)
+    - "override": Replace the instruction entirely with content (indirect threat model)
+    - "jailbreak": Replace the instruction entirely with content (direct threat model)
+    Args:
+        original_instruction: Original user instruction (str or list for multi-turn).
+                              Can be None for direct attacks.
+        attack_config: The attack configuration containing attack turns
+    Returns:
+        Modified instruction(s) with prompt injections applied
+    """
+    if not attack_config or not attack_config.attack_turns:
+        return original_instruction
+    # Sort attack turns by turn_id to ensure correct ordering
+    sorted_turns = sorted(attack_config.attack_turns, key=lambda t: t.turn_id)
+    # Collect all jailbreak injection contents as the instructions
+    if original_instruction is None or original_instruction == "" or original_instruction == []:
+        jailbreak_instructions: List[str] = []
+        for attack_turn in sorted_turns:
+            prompt_injections = attack_turn.get_prompt_injections()
+            print('@'*10, attack_turn)
+            for injection in prompt_injections:
+                if injection.mode == "jailbreak":
+                    print(f"[INJECTION] Direct attack jailbreak prompt collected from turn {attack_turn.turn_id}")
+                    jailbreak_instructions.append(injection.content or "")
+        # Return single string if only one instruction, otherwise list
+        if len(jailbreak_instructions) == 0:
+            raise ValueError("No jailbreak prompts found for direct attack")
+        else:
+            return jailbreak_instructions
+    # Handle indirect attacks: apply injections to existing instructions
+    is_single = isinstance(original_instruction, str)
+    instructions = [original_instruction] if is_single else list(original_instruction)
+    # Apply prompt injections from each attack turn
+    for attack_turn in sorted_turns:
+        turn_index = attack_turn.turn_id - 1
+        prompt_injections = attack_turn.get_prompt_injections()
+        if not prompt_injections:
+            continue
+        # Apply the first prompt injection found for this turn
+        injection = prompt_injections[0]
+        if injection.mode in ("override", "jailbreak"):
+            # Both override and jailbreak replace the instruction entirely
+            mode_name = injection.mode
+            print(f"[INJECTION] Prompt {mode_name} applied to turn {attack_turn.turn_id}")
+            if turn_index < 0 or turn_index >= len(instructions):
+                # If turn doesn't exist, append the instruction
+                instructions.append(injection.content or "")
+            else:
+                instructions[turn_index] = injection.content or ""
+        elif injection.mode == "suffix":
+            if turn_index < 0 or turn_index >= len(instructions):
+                print(f"[WARNING] Attack turn {attack_turn.turn_id} has no corresponding instruction (only {len(instructions)} instructions)")
+                continue
+            print(f"[INJECTION] Prompt suffix applied to turn {attack_turn.turn_id}")
+            instructions[turn_index] = f"{instructions[turn_index]}\n{injection.content or ''}"
+        else:
+            raise ValueError(f"Unknown prompt injection mode: {injection.mode} for turn {attack_turn.turn_id}")
+    # Return in original format
+    return instructions[0] if is_single else instructions
+def get_env_injections_from_attack(
+    attack_config: Optional[AttackConfig],
+    turn_id: Optional[int] = None,
+) -> List[Dict[str, Any]]:
+    """
+    Extract environment injection steps from attack config.
+    Parses attack_turns to find environment injection steps. Can optionally
+    filter by turn_id for per-turn injection application in multi-turn attacks.
+    Args:
+        attack_config: The attack configuration containing attack turns
+        turn_id: Optional turn ID to filter injections (1-indexed).
+                 If None, returns all environment injections from all turns.
+    Returns:
+        List of environment injection specs:
+        [
+            {
+                "server_name": "salesforce-injection",
+                "tool_name": "inject_comment",
+                "kwargs": {"comment": "..."},
+                "turn_id": 1,
+            },
+            ...
+        ]
+    """
+    if not attack_config or not attack_config.attack_turns:
+        return []
+    env_injections: List[Dict[str, Any]] = []
+    for attack_turn in attack_config.attack_turns:
+        # Filter by turn_id if specified
+        if turn_id is not None and attack_turn.turn_id != turn_id:
+            continue
+        env_steps = attack_turn.get_environment_injections()
+        for step in env_steps:
+            if not step.injection_mcp_tool:
+                print(f"[WARNING] Environment injection missing injection_mcp_tool in turn {attack_turn.turn_id}")
+                continue
+            # Parse "server_name:tool_name" format
+            if ":" not in step.injection_mcp_tool:
+                print(f"[WARNING] Invalid injection_mcp_tool format: {step.injection_mcp_tool}")
+                continue
+            server_name, tool_name = step.injection_mcp_tool.split(":", 1)
+            env_injections.append({
+                "server_name": server_name,
+                "tool_name": tool_name,
+                "kwargs": step.kwargs or {},
+                "turn_id": attack_turn.turn_id,
+            })
+    return env_injections
+def get_required_injection_servers(
+    env_injections: List[Dict[str, Any]],
+) -> Dict[str, List[str]]:
+    """
+    Determine which injection MCP servers need to be started.
+    Args:
+        env_injections: List of environment injection specs from get_env_injections_from_attack()
+    Returns:
+        Dict mapping server_name -> list of tool names needed
+        e.g., {"salesforce-injection": ["inject_comment", "inject_lead"]}
+    """
+    servers: Dict[str, List[str]] = {}
+    for injection in env_injections:
+        server_name = injection["server_name"]
+        tool_name = injection["tool_name"]
+        if server_name not in servers:
+            servers[server_name] = []
+        if tool_name not in servers[server_name]:
+            servers[server_name].append(tool_name)
+    return servers
+async def apply_environment_injections_async(
+    env_injections: List[Dict[str, Any]],
+    server_urls: Dict[str, str],
+) -> List[Dict[str, Any]]:
+    """
+    Execute all environment injection steps via MCP calls (async version).
+    This function connects to injection MCP servers and executes the
+    injection tools specified in the attack config.
+    Args:
+        env_injections: List of environment injection specs from get_env_injections_from_attack()
+        server_urls: Dict mapping server_name -> URL (from start_injection_mcp_servers)
+    Returns:
+        List of results:
+        [
+            {
+                "server_name": "salesforce-injection",
+                "tool_name": "inject_comment",
+                "success": True,
+                "result": "...",
+                "error": None,
+            },
+            ...
+        ]
+    """
+    from fastmcp import Client
+    results: List[Dict[str, Any]] = []
+    # Group injections by server to reuse connections
+    injections_by_server: Dict[str, List[Dict[str, Any]]] = {}
+    for injection in env_injections:
+        server_name = injection["server_name"]
+        if server_name not in injections_by_server:
+            injections_by_server[server_name] = []
+        injections_by_server[server_name].append(injection)
+    # Execute injections for each server
+    for server_name, server_injections in injections_by_server.items():
+        server_url = server_urls.get(server_name)
+        if not server_url:
+            # Server not started, record errors for all injections
+            for injection in server_injections:
+                results.append({
+                    "server_name": server_name,
+                    "tool_name": injection["tool_name"],
+                    "kwargs": injection["kwargs"],
+                    "turn_id": injection["turn_id"],
+                    "success": False,
+                    "result": None,
+                    "error": f"Injection server '{server_name}' URL not available",
+                })
+            continue
+        # Connect to server and execute injections
+        try:
+            async with Client(server_url, timeout=30.0) as client:
+                for injection in server_injections:
+                    tool_name = injection["tool_name"]
+                    kwargs = injection["kwargs"]
+                    turn_id = injection["turn_id"]
+                    try:
+                        result = await client.call_tool(tool_name, kwargs)
+                        # Extract result content
+                        result_text = _extract_mcp_result(result)
+                        results.append({
+                            "server_name": server_name,
+                            "tool_name": tool_name,
+                            "kwargs": kwargs,
+                            "turn_id": turn_id,
+                            "success": True,
+                            "result": result_text,
+                            "error": None,
+                        })
+                        print(f"[ENV INJECTION] {server_name}:{tool_name} - Success")
+                    except Exception as e:
+                        results.append({
+                            "server_name": server_name,
+                            "tool_name": tool_name,
+                            "kwargs": kwargs,
+                            "turn_id": turn_id,
+                            "success": False,
+                            "result": None,
+                            "error": str(e),
+                        })
+                        print(f"[ENV INJECTION] {server_name}:{tool_name} - Failed: {e}")
+        except Exception as e:
+            # Connection error - record errors for all injections on this server
+            for injection in server_injections:
+                results.append({
+                    "server_name": server_name,
+                    "tool_name": injection["tool_name"],
+                    "kwargs": injection["kwargs"],
+                    "turn_id": injection["turn_id"],
+                    "success": False,
+                    "result": None,
+                    "error": f"Failed to connect to server: {e}",
+                })
+            print(f"[ENV INJECTION] Failed to connect to {server_name} at {server_url}: {e}")
+    return results
+def apply_environment_injections(
+    env_injections: List[Dict[str, Any]],
+    server_urls: Dict[str, str],
+) -> List[Dict[str, Any]]:
+    """
+    Execute all environment injection steps via MCP calls (sync wrapper).
+    This is a synchronous wrapper around apply_environment_injections_async()
+    for use in synchronous contexts.
+    Args:
+        env_injections: List of environment injection specs from get_env_injections_from_attack()
+        server_urls: Dict mapping server_name -> URL (from start_injection_mcp_servers)
+    Returns:
+        List of results (see apply_environment_injections_async for format)
+    """
+    import asyncio
+    return asyncio.run(apply_environment_injections_async(env_injections, server_urls))
+def _extract_mcp_result(result: Any) -> str:
+    """Extract text content from MCP tool result."""
+    if hasattr(result, "content"):
+        content_parts = []
+        for item in result.content:
+            if hasattr(item, "text"):
+                content_parts.append(item.text)
+            elif hasattr(item, "data"):
+                content_parts.append(str(item.data))
+            else:
+                content_parts.append(str(item))
+        return "\n".join(content_parts) if content_parts else str(result)
+    return str(result)