PyPI - decodingtrust-agent-sdk - Versions diffs - 0.1.0__py3-none-any.whl - Mend

decodingtrust-agent-sdk 0.1.0__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (374) hide show

agent/__init__.py +30 -0
agent/claudesdk/__init__.py +8 -0
agent/claudesdk/example.py +221 -0
agent/claudesdk/src/__init__.py +8 -0
agent/claudesdk/src/agent.py +400 -0
agent/claudesdk/src/mcp_proxy.py +409 -0
agent/claudesdk/src/utils.py +420 -0
agent/googleadk/__init__.py +15 -0
agent/googleadk/example.py +237 -0
agent/googleadk/src/__init__.py +12 -0
agent/googleadk/src/agent.py +401 -0
agent/googleadk/src/mcp_wrapper.py +163 -0
agent/googleadk/src/utils.py +602 -0
agent/langchain/__init__.py +8 -0
agent/langchain/example.py +213 -0
agent/langchain/src/__init__.py +8 -0
agent/langchain/src/agent.py +645 -0
agent/langchain/src/utils.py +433 -0
agent/openaisdk/__init__.py +17 -0
agent/openaisdk/example.py +228 -0
agent/openaisdk/src/__init__.py +12 -0
agent/openaisdk/src/agent.py +491 -0
agent/openaisdk/src/agent_wrapper.py +143 -0
agent/openaisdk/src/mcp_wrapper.py +395 -0
agent/openaisdk/src/utils.py +493 -0
agent/openclaw/__init__.py +10 -0
agent/openclaw/example.py +251 -0
agent/openclaw/src/__init__.py +14 -0
agent/openclaw/src/agent.py +930 -0
agent/openclaw/src/helpers/__init__.py +1 -0
agent/openclaw/src/helpers/auth_helpers.py +55 -0
agent/openclaw/src/mcp_proxy.py +564 -0
agent/openclaw/src/plugin_generator.py +231 -0
agent/openclaw/src/utils.py +341 -0
agent/pocketflow/__init__.py +18 -0
agent/pocketflow/example.py +221 -0
agent/pocketflow/prompts/react_agent.py +46 -0
agent/pocketflow/src/__init__.py +6 -0
agent/pocketflow/src/agent.py +507 -0
agent/pocketflow/src/agent_wrapper.py +159 -0
agent/pocketflow/src/async_helper.py +92 -0
agent/pocketflow/src/mcp_react_agent.py +279 -0
agent/pocketflow/src/native_agent.py +74 -0
agent/pocketflow/src/nodes.py +467 -0
benchmark/__init__.py +0 -0
benchmark/browser/benign.jsonl +34 -0
benchmark/browser/direct.jsonl +85 -0
benchmark/browser/indirect.jsonl +82 -0
benchmark/code/benign.jsonl +0 -0
benchmark/code/direct.jsonl +121 -0
benchmark/code/indirect.jsonl +165 -0
benchmark/crm/benign.jsonl +165 -0
benchmark/crm/direct.jsonl +90 -0
benchmark/crm/indirect.jsonl +150 -0
benchmark/customer-service/benign.jsonl +160 -0
benchmark/customer-service/direct.jsonl +100 -0
benchmark/customer-service/indirect.jsonl +101 -0
benchmark/finance/benign.jsonl +0 -0
benchmark/finance/direct.jsonl +200 -0
benchmark/finance/indirect.jsonl +200 -0
benchmark/legal/benign.jsonl +0 -0
benchmark/legal/direct.jsonl +200 -0
benchmark/legal/indirect.jsonl +200 -0
benchmark/macos/benign.jsonl +30 -0
benchmark/macos/direct.jsonl +50 -0
benchmark/macos/indirect.jsonl +50 -0
benchmark/medical/benign.jsonl +642 -0
benchmark/medical/direct.jsonl +229 -0
benchmark/medical/indirect.jsonl +222 -0
benchmark/os-filesystem/benign.jsonl +200 -0
benchmark/os-filesystem/direct.jsonl +200 -0
benchmark/os-filesystem/indirect.jsonl +200 -0
benchmark/research/benign.jsonl +0 -0
benchmark/research/direct.jsonl +119 -0
benchmark/research/indirect.jsonl +125 -0
benchmark/telecom/benign.jsonl +120 -0
benchmark/telecom/direct.jsonl +161 -0
benchmark/telecom/indirect.jsonl +166 -0
benchmark/travel/benign.jsonl +130 -0
benchmark/travel/direct.jsonl +105 -0
benchmark/travel/indirect.jsonl +120 -0
benchmark/windows/benign.jsonl +100 -0
benchmark/windows/direct.jsonl +140 -0
benchmark/windows/indirect.jsonl +107 -0
benchmark/workflow/benign.jsonl +335 -0
benchmark/workflow/direct.jsonl +78 -0
benchmark/workflow/indirect.jsonl +107 -0
cli/__init__.py +5 -0
cli/main.py +182 -0
cli/scaffold.py +334 -0
decodingtrust_agent_sdk-0.1.0.dist-info/METADATA +642 -0
decodingtrust_agent_sdk-0.1.0.dist-info/RECORD +374 -0
decodingtrust_agent_sdk-0.1.0.dist-info/WHEEL +5 -0
decodingtrust_agent_sdk-0.1.0.dist-info/entry_points.txt +2 -0
decodingtrust_agent_sdk-0.1.0.dist-info/licenses/LICENSE +201 -0
decodingtrust_agent_sdk-0.1.0.dist-info/top_level.txt +6 -0
dt_arena/config/env.yaml +515 -0
dt_arena/config/injection_mcp.yaml +430 -0
dt_arena/config/mcp.yaml +642 -0
dt_arena/envs/arxiv/docker-compose-hub.yml +31 -0
dt_arena/envs/arxiv/docker-compose.yml +36 -0
dt_arena/envs/atlassian/docker/docker-compose.dev.yml +65 -0
dt_arena/envs/atlassian/docker/docker-compose.yml +53 -0
dt_arena/envs/atlassian/docker-compose-hub.yml +57 -0
dt_arena/envs/atlassian/docker-compose.yml +72 -0
dt_arena/envs/bigquery/docker-compose.yml +20 -0
dt_arena/envs/booking/docker-compose.yml +59 -0
dt_arena/envs/calendar/docker-compose-hub.yml +30 -0
dt_arena/envs/calendar/docker-compose.yml +42 -0
dt_arena/envs/custom-website/docker-compose.yml +6 -0
dt_arena/envs/customer_service/docker-compose.yml +59 -0
dt_arena/envs/databricks/docker-compose-hub.yml +47 -0
dt_arena/envs/databricks/docker-compose.yml +51 -0
dt_arena/envs/ecommerce/docker-compose.yml +6 -0
dt_arena/envs/ers/docker-compose.yml +36 -0
dt_arena/envs/ers/hrms/docker/docker-compose.yml +31 -0
dt_arena/envs/finance/docker-compose.yml +23 -0
dt_arena/envs/github/docker/docker-compose-hub.yml +50 -0
dt_arena/envs/github/docker/docker-compose.yml +50 -0
dt_arena/envs/gmail/docker-compose-hub.yml +51 -0
dt_arena/envs/gmail/docker-compose.yml +65 -0
dt_arena/envs/google-form/docker-compose-hub.yml +33 -0
dt_arena/envs/google-form/docker-compose.yml +41 -0
dt_arena/envs/googledocs/docker-compose-hub.yml +61 -0
dt_arena/envs/googledocs/docker-compose.yml +78 -0
dt_arena/envs/hospital/docker-compose-hub.yml +25 -0
dt_arena/envs/hospital/docker-compose.yml +27 -0
dt_arena/envs/legal/docker-compose.yml +22 -0
dt_arena/envs/linkedin/docker-compose.yml +63 -0
dt_arena/envs/macos/docker-compose.yml +79 -0
dt_arena/envs/os-filesystem/docker-compose-hub.yml +16 -0
dt_arena/envs/os-filesystem/docker-compose.yml +20 -0
dt_arena/envs/paypal/docker-compose-hub.yml +48 -0
dt_arena/envs/paypal/docker-compose.yml +63 -0
dt_arena/envs/research/docker-compose-hub.yml +13 -0
dt_arena/envs/research/docker-compose.yml +24 -0
dt_arena/envs/salesforce_crm/docker-compose-hub.yaml +45 -0
dt_arena/envs/salesforce_crm/docker-compose.yaml +49 -0
dt_arena/envs/slack/docker-compose-hub.yml +28 -0
dt_arena/envs/slack/docker-compose.yml +41 -0
dt_arena/envs/snowflake/docker-compose-hub.yml +41 -0
dt_arena/envs/snowflake/docker-compose.yml +44 -0
dt_arena/envs/telecom/docker-compose-hub.yml +16 -0
dt_arena/envs/telecom/docker-compose.yml +17 -0
dt_arena/envs/telegram/docker-compose-hub.yml +57 -0
dt_arena/envs/telegram/docker-compose.yml +62 -0
dt_arena/envs/terminal/docker-compose-hub.yml +12 -0
dt_arena/envs/terminal/docker-compose.yml +26 -0
dt_arena/envs/travel/docker-compose-hub.yml +19 -0
dt_arena/envs/travel/docker-compose.yml +19 -0
dt_arena/envs/whatsapp/docker-compose-hub.yml +61 -0
dt_arena/envs/whatsapp/docker-compose.yml +78 -0
dt_arena/envs/windows/docker-compose.yml +71 -0
dt_arena/envs/zoom/docker-compose-hub.yml +27 -0
dt_arena/envs/zoom/docker-compose.yml +40 -0
dt_arena/injection_mcp_server/atlassian/env_injection.py +134 -0
dt_arena/injection_mcp_server/calendar/env_injection.py +217 -0
dt_arena/injection_mcp_server/custom_website/env_injection.py +97 -0
dt_arena/injection_mcp_server/customer_service/env_injection.py +659 -0
dt_arena/injection_mcp_server/databricks/env_injection.py +255 -0
dt_arena/injection_mcp_server/ecommerce/env_injection.py +110 -0
dt_arena/injection_mcp_server/finance/env_injection.py +85 -0
dt_arena/injection_mcp_server/github/env_injection.py +206 -0
dt_arena/injection_mcp_server/gmail/env_injection.py +211 -0
dt_arena/injection_mcp_server/google_form/env_injection.py +186 -0
dt_arena/injection_mcp_server/googledocs/env_injection.py +44 -0
dt_arena/injection_mcp_server/hospital/env_injection.py +43 -0
dt_arena/injection_mcp_server/legal/env_injection.py +229 -0
dt_arena/injection_mcp_server/macos/env_injection.py +272 -0
dt_arena/injection_mcp_server/os-filesystem/env_injection.py +341 -0
dt_arena/injection_mcp_server/paypal/env_injection.py +268 -0
dt_arena/injection_mcp_server/research/env_injection.py +616 -0
dt_arena/injection_mcp_server/salesforce/env_injection.py +514 -0
dt_arena/injection_mcp_server/slack/env_injection.py +265 -0
dt_arena/injection_mcp_server/snowflake/env_injection.py +230 -0
dt_arena/injection_mcp_server/telecom/env_injection.py +503 -0
dt_arena/injection_mcp_server/telegram/env_injection.py +171 -0
dt_arena/injection_mcp_server/terminal/env_injection.py +523 -0
dt_arena/injection_mcp_server/travel/env_injection.py +173 -0
dt_arena/injection_mcp_server/whatsapp/env_injection.py +185 -0
dt_arena/injection_mcp_server/windows/env_injection.py +943 -0
dt_arena/injection_mcp_server/zoom/env_injection.py +216 -0
dt_arena/mcp_server/atlassian/main.py +1554 -0
dt_arena/mcp_server/atlassian/test_server.py +66 -0
dt_arena/mcp_server/bigquery/main.py +333 -0
dt_arena/mcp_server/booking/main.py +310 -0
dt_arena/mcp_server/browser/main.py +1741 -0
dt_arena/mcp_server/calendar/example_multi_user.py +162 -0
dt_arena/mcp_server/calendar/main.py +792 -0
dt_arena/mcp_server/calendar/test_mcp.py +135 -0
dt_arena/mcp_server/customer_service/main.py +1063 -0
dt_arena/mcp_server/databricks/main.py +566 -0
dt_arena/mcp_server/databricks/probe.py +102 -0
dt_arena/mcp_server/ers/main.py +845 -0
dt_arena/mcp_server/finance/__init__.py +87 -0
dt_arena/mcp_server/finance/core/__init__.py +12 -0
dt_arena/mcp_server/finance/core/data_loader.py +558 -0
dt_arena/mcp_server/finance/core/portfolio.py +565 -0
dt_arena/mcp_server/finance/evaluation/__init__.py +20 -0
dt_arena/mcp_server/finance/evaluation/evaluator.py +217 -0
dt_arena/mcp_server/finance/evaluation/logger.py +137 -0
dt_arena/mcp_server/finance/injection/__init__.py +66 -0
dt_arena/mcp_server/finance/injection/config.py +176 -0
dt_arena/mcp_server/finance/injection/content.py +755 -0
dt_arena/mcp_server/finance/injection/html.py +409 -0
dt_arena/mcp_server/finance/injection/locations.py +167 -0
dt_arena/mcp_server/finance/injection/methods.py +193 -0
dt_arena/mcp_server/finance/injection/presets.py +1023 -0
dt_arena/mcp_server/finance/main.py +361 -0
dt_arena/mcp_server/finance/run_mcp.py +21 -0
dt_arena/mcp_server/finance/run_web.py +26 -0
dt_arena/mcp_server/finance/server/__init__.py +41 -0
dt_arena/mcp_server/finance/server/extractor.py +1453 -0
dt_arena/mcp_server/finance/server/extractor_minimal.py +292 -0
dt_arena/mcp_server/finance/server/extractor_simple.py +1164 -0
dt_arena/mcp_server/finance/server/injection_mcp.py +865 -0
dt_arena/mcp_server/finance/server/mcp.py +451 -0
dt_arena/mcp_server/finance/server/tools/__init__.py +23 -0
dt_arena/mcp_server/finance/server/tools/account.py +88 -0
dt_arena/mcp_server/finance/server/tools/browsing.py +328 -0
dt_arena/mcp_server/finance/server/tools/social.py +73 -0
dt_arena/mcp_server/finance/server/tools/trading.py +242 -0
dt_arena/mcp_server/finance/server/tools/utility.py +49 -0
dt_arena/mcp_server/finance/server/web.py +2139 -0
dt_arena/mcp_server/finance/tasks/benchmark/__init__.py +28 -0
dt_arena/mcp_server/finance/tasks/benchmark/attack_pool.py +3026 -0
dt_arena/mcp_server/finance/tasks/benchmark/attack_runner.py +1315 -0
dt_arena/mcp_server/finance/tasks/benchmark/finra_requirements.py +1335 -0
dt_arena/mcp_server/finance/tasks/benchmark/finra_tasks.py +3665 -0
dt_arena/mcp_server/finance/tasks/benchmark/malicious_tasks.py +2673 -0
dt_arena/mcp_server/finance/tasks/redteam_suite/run_redteam_suite.py +1713 -0
dt_arena/mcp_server/finance/test_mcp_tools.py +476 -0
dt_arena/mcp_server/github/main.py +441 -0
dt_arena/mcp_server/gmail/main.py +1004 -0
dt_arena/mcp_server/google_form/main.py +141 -0
dt_arena/mcp_server/googledocs/main.py +458 -0
dt_arena/mcp_server/hospital/mcp_server.py +458 -0
dt_arena/mcp_server/legal/__init__.py +9 -0
dt_arena/mcp_server/legal/core/__init__.py +14 -0
dt_arena/mcp_server/legal/core/courtlistener_store.py +762 -0
dt_arena/mcp_server/legal/core/data_loader.py +266 -0
dt_arena/mcp_server/legal/core/document_store.py +197 -0
dt_arena/mcp_server/legal/core/matter_manager.py +466 -0
dt_arena/mcp_server/legal/main.py +89 -0
dt_arena/mcp_server/legal/scripts/collect_data.py +988 -0
dt_arena/mcp_server/legal/server/__init__.py +14 -0
dt_arena/mcp_server/legal/server/mcp.py +2330 -0
dt_arena/mcp_server/macos/client_test.py +270 -0
dt_arena/mcp_server/macos/mcp_server.py +285 -0
dt_arena/mcp_server/os-filesystem/main.py +1380 -0
dt_arena/mcp_server/paypal/main.py +501 -0
dt_arena/mcp_server/research/main.py +777 -0
dt_arena/mcp_server/salesforce/main.py +2006 -0
dt_arena/mcp_server/slack/main.py +318 -0
dt_arena/mcp_server/snowflake/main.py +612 -0
dt_arena/mcp_server/snowflake/probe.py +183 -0
dt_arena/mcp_server/telecom/mcp_client.py +423 -0
dt_arena/mcp_server/telecom/mcp_server.py +1059 -0
dt_arena/mcp_server/telegram/main.py +338 -0
dt_arena/mcp_server/terminal/main.py +163 -0
dt_arena/mcp_server/travel/client_test.py +16 -0
dt_arena/mcp_server/travel/mcp_server.py +404 -0
dt_arena/mcp_server/whatsapp/main.py +318 -0
dt_arena/mcp_server/windows/client_test.py +270 -0
dt_arena/mcp_server/windows/mcp_server.py +218 -0
dt_arena/mcp_server/zoom/main.py +466 -0
dt_arena/src/__init__.py +0 -0
dt_arena/src/hooks/__init__.py +0 -0
dt_arena/src/hooks/audit_log.py +30 -0
dt_arena/src/hooks/hooks.json +3 -0
dt_arena/src/run_benign.py +142 -0
dt_arena/src/types/__init__.py +0 -0
dt_arena/src/types/agent.py +441 -0
dt_arena/src/types/attacks.py +2 -0
dt_arena/src/types/environment.py +2 -0
dt_arena/src/types/hooks.py +174 -0
dt_arena/src/types/judge.py +52 -0
dt_arena/src/types/red_teaming_trajectory.py +385 -0
dt_arena/src/types/task.py +260 -0
dt_arena/src/types/trajectory.py +315 -0
dt_arena/utils/__init__.py +1 -0
dt_arena/utils/atlassian/__init__.py +27 -0
dt_arena/utils/atlassian/helpers.py +520 -0
dt_arena/utils/bigquery/__init__.py +1 -0
dt_arena/utils/bigquery/helpers.py +246 -0
dt_arena/utils/calendar/__init__.py +1 -0
dt_arena/utils/calendar/helpers.py +87 -0
dt_arena/utils/customer_service/__init__.py +17 -0
dt_arena/utils/customer_service/cs_env_client.py +940 -0
dt_arena/utils/customer_service/helpers.py +339 -0
dt_arena/utils/customer_service/judges/__init__.py +20 -0
dt_arena/utils/customer_service/judges/abusive_comms.py +149 -0
dt_arena/utils/customer_service/judges/bulk_destructive.py +202 -0
dt_arena/utils/customer_service/judges/cross_customer.py +481 -0
dt_arena/utils/customer_service/judges/email_exfiltration.py +320 -0
dt_arena/utils/customer_service/judges/financial_fraud.py +221 -0
dt_arena/utils/customer_service/judges/llm_utils.py +264 -0
dt_arena/utils/customer_service/judges/pii_disclosure.py +837 -0
dt_arena/utils/customer_service/judges/policy_misrep.py +44 -0
dt_arena/utils/customer_service/judges/text_utils.py +21 -0
dt_arena/utils/databricks/__init__.py +2 -0
dt_arena/utils/databricks/helpers.py +210 -0
dt_arena/utils/finance/__init__.py +0 -0
dt_arena/utils/finance/helpers.py +263 -0
dt_arena/utils/github/__init__.py +1 -0
dt_arena/utils/github/helpers.py +249 -0
dt_arena/utils/gmail/__init__.py +1 -0
dt_arena/utils/gmail/helpers.py +344 -0
dt_arena/utils/google_form/__init__.py +2 -0
dt_arena/utils/google_form/helpers.py +133 -0
dt_arena/utils/legal/__init__.py +0 -0
dt_arena/utils/legal/helpers.py +228 -0
dt_arena/utils/macos/__init__.py +0 -0
dt_arena/utils/macos/env_setup.py +215 -0
dt_arena/utils/macos/helpers.py +61 -0
dt_arena/utils/os_filesystem/__init__.py +1 -0
dt_arena/utils/os_filesystem/helpers.py +366 -0
dt_arena/utils/paypal/__init__.py +1 -0
dt_arena/utils/paypal/helpers.py +178 -0
dt_arena/utils/port_allocator.py +266 -0
dt_arena/utils/research/__init__.py +0 -0
dt_arena/utils/research/helpers.py +251 -0
dt_arena/utils/salesforce/__init__.py +1 -0
dt_arena/utils/salesforce/helpers.py +719 -0
dt_arena/utils/slack/__init__.py +1 -0
dt_arena/utils/slack/helpers.py +176 -0
dt_arena/utils/snowflake/__init__.py +1 -0
dt_arena/utils/snowflake/helpers.py +166 -0
dt_arena/utils/telecom/__init__.py +1 -0
dt_arena/utils/telecom/helpers.py +760 -0
dt_arena/utils/telegram/__init__.py +0 -0
dt_arena/utils/telegram/helpers.py +174 -0
dt_arena/utils/terminal/__init__.py +0 -0
dt_arena/utils/terminal/helpers.py +20 -0
dt_arena/utils/travel/__init__.py +0 -0
dt_arena/utils/travel/env_client.py +537 -0
dt_arena/utils/travel/llm_judge.py +137 -0
dt_arena/utils/travel/prompts.py +64 -0
dt_arena/utils/utils/__init__.py +122 -0
dt_arena/utils/whatsapp/__init__.py +0 -0
dt_arena/utils/whatsapp/helpers.py +226 -0
dt_arena/utils/windows/__init__.py +0 -0
dt_arena/utils/windows/env_reset.py +224 -0
dt_arena/utils/windows/env_setup.py +280 -0
dt_arena/utils/windows/exfil_helpers.py +170 -0
dt_arena/utils/windows/helpers.py +74 -0
dt_arena/utils/zoom/__init__.py +1 -0
dt_arena/utils/zoom/helpers.py +70 -0
eval/__init__.py +1 -0
eval/evaluation.py +426 -0
eval/task_runner.py +449 -0
utils/__init__.py +148 -0
utils/agent_helpers.py +308 -0
utils/agent_wrapper.py +189 -0
utils/compose_utils.py +135 -0
utils/config.py +77 -0
utils/env_helpers.py +104 -0
utils/eval_stats.py +88 -0
utils/injection_helpers.py +429 -0
utils/injection_mcp_helpers.py +152 -0
utils/judge_helpers.py +181 -0
utils/judge_utils.py +472 -0
utils/llm.py +196 -0
utils/logging.py +45 -0
utils/mcp_helpers.py +232 -0
utils/mcp_manager.py +235 -0
utils/memory_guard.py +18 -0
utils/red_teaming_sandbox.py +476 -0
utils/reset_helpers.py +318 -0
utils/resource_manager.py +370 -0
utils/skill_helpers.py +447 -0
utils/task_executor.py +904 -0
utils/task_helpers.py +270 -0
utils/template_helpers.py +179 -0

agent/pocketflow/src/agent.py ADDED Viewed

@@ -0,0 +1,507 @@
+import os
+import sys
+from dataclasses import dataclass, field
+from datetime import datetime
+from typing import Dict, Any, List, Optional, Union
+import uuid
+from pocketflow import Flow
+from fastmcp import Client
+from agent.pocketflow.src.nodes import DecideActionNode, ExecuteToolNode, FinalAnswerNode
+from agent.pocketflow.src.async_helper import AsyncHelper
+from dt_arena.src.types.agent import Agent, AgentConfig, RuntimeConfig, MCPServerConfig, AgentResult
+from dt_arena.src.types.trajectory import Trajectory
+@dataclass
+class MCPServerInfo:
+    """Information about a connected MCP server"""
+    name: str
+    client: Any  # FastMCP Client instance (not yet connected)
+    url: str  # Server URL for creating new connections
+    tools: List[Dict[str, Any]] = field(default_factory=list)
+class MCPReactAgent(Agent):
+    """
+    A ReAct (Reasoning and Acting) agent that uses MCP tools through FastMCP.
+    This agent follows the ReAct pattern:
+    1. Think: Reason about the current state and decide what to do
+    2. Act: Execute a tool through MCP
+    3. Observe: Process the tool's result
+    4. Repeat until the task is complete
+    The agent is built using PocketFlow for workflow orchestration and
+    FastMCP for MCP server communication.
+    Supports multiple MCP servers:
+    - Tools from all servers are merged into a single list
+    - Duplicate tool names across servers will raise an error
+    - Trajectory records which server handled each tool call
+    """
+    def __init__(
+        self,
+        agent_config: AgentConfig,
+        runtime_config: Optional[RuntimeConfig] = None,
+    ):
+        """
+        Initialize PocketFlow MCP ReAct Agent
+        Args:
+            agent_config: Agent configuration (system_prompt and mcp_servers)
+            runtime_config: Runtime configuration (model, temperature, max_turns, output_dir)
+        """
+        super().__init__(agent_config, runtime_config)
+        # Setup output directories
+        output_dir = self.runtime_config.output_dir or os.path.join(os.getcwd(), "results")
+        self.output_dir = output_dir
+        self.trajectories_dir = os.path.join(self.output_dir, "trajectories")
+        os.makedirs(self.trajectories_dir, exist_ok=True)
+        # MCP servers with their info (name -> MCPServerInfo)
+        self._mcp_servers: Dict[str, MCPServerInfo] = {}
+        # Tool name to server mapping (tool_name -> server_name)
+        self._tool_to_server: Dict[str, str] = {}
+        # Merged list of all tools
+        self._all_tools: List[Dict[str, Any]] = []
+        # Build the ReAct flow
+        self._flow = self._build_flow()
+        # Async helper for sync-to-async operations
+        self._async_helper: Optional[AsyncHelper] = None
+        # Multi-turn conversation support
+        self._message_history: List[Dict[str, str]] = []  # Stores conversation history
+        self._turn_count: int = 0  # Total turn count across multi-turn conversation
+        self._current_trajectory: Optional[Trajectory] = None  # Current trajectory object
+    def _build_flow(self) -> Flow:
+        """Build the ReAct workflow using PocketFlow."""
+        # Create nodes
+        decide_node = DecideActionNode()
+        execute_tool_node = ExecuteToolNode()
+        final_answer_node = FinalAnswerNode()
+        # Connect nodes based on actions
+        # From decide_node:
+        #   - "use_tool" -> execute_tool_node
+        #   - "answer" -> final_answer_node
+        #   - "retry" -> back to decide_node (for parse error recovery)
+        decide_node - "use_tool" >> execute_tool_node
+        decide_node - "answer" >> final_answer_node
+        decide_node - "retry" >> decide_node
+        # From execute_tool_node:
+        #   - "decide" -> back to decide_node (for next iteration)
+        execute_tool_node - "decide" >> decide_node
+        # final_answer_node doesn't connect to anything (ends the flow)
+        # Create and return the flow
+        return Flow(start=decide_node)
+    def _create_mcp_client(self, server_config: MCPServerConfig) -> Client:
+        """
+        Create FastMCP Client instance for the MCP server.
+        Args:
+            server_config: Configuration for the MCP server
+        Returns:
+            FastMCP Client instance
+        """
+        # FastMCP Client supports http/sse transports via URL
+        if server_config.transport in ("http", "sse"):
+            if not server_config.url:
+                raise ValueError(f"URL required for transport '{server_config.transport}'")
+            return Client(server_config.url)
+        elif server_config.transport == "stdio":
+            # FastMCP Client can handle stdio via command
+            if not server_config.command:
+                raise ValueError("Command required for stdio transport")
+            # For stdio, we need to construct a command-based client
+            # FastMCP supports this via StdioServerParameters
+            from mcp import StdioServerParameters
+            params = StdioServerParameters(
+                command=server_config.command,
+                args=server_config.args or [],
+                env=server_config.env
+            )
+            return Client(params)
+        else:
+            raise ValueError(f"Unsupported transport type: {server_config.transport}")
+    def _create_mcp_server(self, server_config: MCPServerConfig) -> Any:
+        """Compatibility method - delegates to _create_mcp_client"""
+        return self._create_mcp_client(server_config)
+    def _apply_tool_injection(self, tool_name: str, server_name: str, description: str) -> str:
+        """
+        Apply tool description injection if configured.
+        Args:
+            tool_name: Name of the tool
+            server_name: Name of the MCP server
+            description: Original tool description
+        Returns:
+            Modified description with injection applied, or original if no injection
+        """
+        if not self.runtime_config or not self.runtime_config.mcp_injection:
+            return description
+        server_injections = self.runtime_config.mcp_injection.get(server_name, {})
+        injection = server_injections.get(tool_name)
+        if injection:
+            if injection.type == "suffix":
+                return f"{description}\n{injection.content}"
+            elif injection.type == "override":
+                return injection.content
+            else:
+                print(f"[WARNING] Unknown injection type '{injection.type}' for tool '{tool_name}' on server '{server_name}'")
+        return description
+    async def load_mcp_servers(self) -> Dict[str, MCPServerInfo]:
+        """
+        Load and connect to MCP servers.
+        Merges all tools into a single list and checks for duplicates.
+        Returns:
+            Dict mapping server names to MCPServerInfo
+        Raises:
+            ValueError: If duplicate tool names are found across MCP servers
+        """
+        if not self.config:
+            raise ValueError("Agent config is required")
+        self._mcp_servers = {}
+        self._tool_to_server = {}
+        self._all_tools = []
+        for server_config in self.config.mcp_servers:
+            if not server_config.enabled:
+                continue
+            server_name = server_config.name
+            server_url = server_config.url  # Store URL for later use
+            client = self._create_mcp_client(server_config)
+            # Get tools from this server using a temporary connection
+            # We create a new connection each time to avoid cross-thread issues
+            tools = []
+            try:
+                async with client:
+                    tools_response = await client.list_tools()
+                    for tool in tools_response:
+                        tool_name = tool.name
+                        # Check for duplicate tool names
+                        if tool_name in self._tool_to_server:
+                            existing_server = self._tool_to_server[tool_name]
+                            raise ValueError(
+                                f"Duplicate tool names found across MCP servers: "
+                                f"Tool '{tool_name}' exists in both '{existing_server}' and '{server_name}'"
+                            )
+                        # Get base description and apply injection
+                        description = self._apply_tool_injection(tool_name=tool_name, server_name=server_name, description=tool.description or "")
+                        tool_info = {
+                            "name": tool_name,
+                            "server": server_name,
+                            "description": description,
+                            "inputSchema": tool.inputSchema or {},
+                        }
+                        tools.append(tool_info)
+                        self._all_tools.append(tool_info)
+                        # Map tool name to server
+                        self._tool_to_server[tool_name] = server_name
+            except ValueError:
+                # Re-raise duplicate tool error
+                raise
+            except Exception as e:
+                print(f"[WARNING] Failed to get tools from MCP server '{server_name}': {e}")
+            # Store server info (client is not connected, will create new connection when needed)
+            # We store the URL so we can create fresh connections in the worker thread
+            self._mcp_servers[server_name] = MCPServerInfo(
+                name=server_name,
+                client=client,
+                url=server_url,
+                tools=tools
+            )
+            print(f"[INFO] Connected to MCP server '{server_name}' with {len(tools)} tools")
+        print(f"[INFO] Total tools available: {len(self._all_tools)}")
+        return self._mcp_servers
+    async def initialize(self) -> None:
+        """Initialize agent and connect to MCP servers"""
+        if not self.config:
+            raise ValueError("Agent config is required")
+        # Start async helper
+        self._async_helper = AsyncHelper()
+        self._async_helper.start()
+        # Load and connect to MCP servers
+        await self.load_mcp_servers()
+    def _get_all_tools(self) -> List[Dict[str, Any]]:
+        """Get the list of all available tools from all connected MCP servers."""
+        return self._all_tools
+    def get_server_for_tool(self, tool_name: str) -> Optional[str]:
+        """Get the server name for a tool name."""
+        return self._tool_to_server.get(tool_name)
+    def get_client_for_tool(self, tool_name: str) -> Optional[Client]:
+        """Get the MCP client for a tool name."""
+        server_name = self.get_server_for_tool(tool_name)
+        if server_name and server_name in self._mcp_servers:
+            return self._mcp_servers[server_name].client
+        return None
+    async def run(
+        self,
+        user_input: Union[str, List[str]],
+        metadata: Optional[Dict[str, Any]] = None
+    ) -> AgentResult:
+        """
+        Run the agent with given input. Supports multi-turn conversations.
+        Args:
+            user_input: User instruction/query. Can be:
+                - str: Single query (backward compatible, supports sequential multi-turn)
+                - List[str]: Multiple queries processed sequentially with context preserved
+            metadata: Optional metadata (task_id, domain, category, instruction)
+        Returns:
+            AgentResult with final_output, trajectory and turn_count
+        """
+        if not self._mcp_servers:
+            raise RuntimeError("Agent not initialized. Call initialize() first or use async context manager.")
+        # Normalize input to list for uniform processing
+        if isinstance(user_input, str):
+            user_inputs = [user_input]
+        else:
+            user_inputs = user_input
+        # Extract metadata for trajectory
+        meta = metadata or {}
+        task_id = meta.get("task_id", "unknown")
+        malicious_goal = meta.get("malicious_goal", "")
+        domain = meta.get("domain", None)
+        category = meta.get("category", None)
+        # Initialize trajectory on first call of the session
+        if self._current_trajectory is None:
+            self._current_trajectory = Trajectory(
+                task_id=task_id,
+                original_instruction=user_inputs[0] if user_inputs else "",
+                malicious_instruction=malicious_goal,
+                domain=domain,
+                risk_category=category
+            )
+            self._current_trajectory.start_timer()
+        final_answer = None
+        raw_trajectory = []
+        try:
+            # Get available tools from all MCP servers (already namespaced)
+            available_tools = self._get_all_tools()
+            for query in user_inputs:
+                # Add user input to trajectory
+                self._current_trajectory.append_user_step(query)
+                # Initialize shared store with multi-server support
+                # Use existing message_history for multi-turn context
+                shared = {
+                    "system_prompt": self.config.system_prompt,
+                    "user_query": query,
+                    "trajectory": [],
+                    "message_history": self._message_history.copy(),  # Use existing history
+                    "available_tools": available_tools,
+                    "max_turns": self.runtime_config.max_turns,
+                    "turn_count": 0,
+                    "model": self.runtime_config.model,
+                    # Multi-server support
+                    "mcp_servers": self._mcp_servers,  # Dict[server_name, MCPServerInfo]
+                    "tool_to_server": self._tool_to_server,  # Dict[namespaced_tool, server_name]
+                    "async_helper": self._async_helper,
+                    "hook_manager": self.hook_manager,
+                    "final_answer": None,
+                    "current_decision": None,
+                }
+                # Run the flow using standard PocketFlow Flow.run()
+                self._flow.run(shared)
+                # Extract results from this turn
+                final_answer = shared.get("final_answer", "No answer provided")
+                turn_trajectory = shared.get("trajectory", [])
+                # Save message_history for next turn (multi-turn support)
+                self._message_history = shared.get("message_history", [])
+                # Increment turn count for each user query processed
+                # (consistent with OpenAI SDK where turn_count = number of user messages)
+                self._turn_count += 1
+                # Accumulate raw trajectory
+                raw_trajectory.extend(turn_trajectory)
+                # Convert turn trajectory to Trajectory format
+                for entry in turn_trajectory:
+                    entry_type = entry.get("type", "unknown")
+                    if entry_type == "thought":
+                        # Thoughts are internal reasoning, add as metadata
+                        pass
+                    elif entry_type == "action":
+                        tool_name = entry.get("tool_name", "unknown")
+                        tool_args = entry.get("tool_arguments", {})
+                        server_name = entry.get("server")
+                        action_str = f"{tool_name}({tool_args})"
+                        self._current_trajectory.append_agent_step(
+                            action=action_str,
+                            tool_name=tool_name,
+                            tool_params=tool_args,
+                            server=server_name
+                        )
+                    elif entry_type == "observation":
+                        content = entry.get("content", "")
+                        self._current_trajectory.append_tool_return(
+                            result=content,
+                            tool_name=entry.get("tool_name"),
+                            server=entry.get("server")
+                        )
+                    elif entry_type == "final_answer":
+                        content = entry.get("content", "")
+                        self._current_trajectory.append_agent_step(
+                            action='send_message_to_user',
+                            metadata={"message": content}
+                        )
+            # Stop timer and save trajectory at end of run
+            self._current_trajectory.stop_timer()
+            # Add debug info if enabled
+            if self.runtime_config.debug:
+                tool_descriptions = {
+                    f"{t.get('server', 'unknown')}:{t.get('name', 'unknown')}": t.get('description', '')
+                    for t in self._all_tools
+                }
+                self._current_trajectory.data["debug"] = {
+                    "tool_descriptions": tool_descriptions
+                }
+            # Save trajectory
+            timestamp = datetime.now().strftime('%Y%m%d_%H%M%S')
+            trajectory_file = os.path.join(
+                self.trajectories_dir,
+                f"{task_id}_{timestamp}.json"
+            )
+            self._current_trajectory.save(trajectory_file)
+            print(f"[INFO] Trajectory saved to: {trajectory_file}")
+            return AgentResult(
+                final_output=final_answer,
+                turn_count=self._turn_count,
+                trajectory=self._current_trajectory,
+            )
+        except Exception as e:
+            if self._current_trajectory:
+                self._current_trajectory.stop_timer()
+            raise e
+    def get_result(self) -> Optional[AgentResult]:
+        """
+        Get the current execution result.
+        Returns:
+            AgentResult with final output, turn count, and trajectory.
+            Returns None if no execution has been performed yet.
+        """
+        if not self._message_history:
+            return None
+        # Find the last final_answer in message_history
+        final_output = None
+        for msg in reversed(self._message_history):
+            if msg.get("role") == "assistant":
+                # Try to extract final_answer from YAML response
+                content = msg.get("content", "")
+                if "final_answer:" in content:
+                    import yaml
+                    try:
+                        if "```yaml" in content:
+                            yaml_str = content.split("```yaml")[1].split("```")[0].strip()
+                        elif "```" in content:
+                            yaml_str = content.split("```")[1].split("```")[0].strip()
+                        else:
+                            yaml_str = content.strip()
+                        parsed = yaml.safe_load(yaml_str)
+                        if isinstance(parsed, dict) and "final_answer" in parsed:
+                            final_output = parsed["final_answer"]
+                            break
+                    except:
+                        pass
+        return AgentResult(
+            final_output=final_output or "",
+            turn_count=self._turn_count,
+            trajectory=self._current_trajectory,
+        )
+    def reset_conversation(self) -> None:
+        """
+        Reset conversation history for a new session.
+        Call this to clear the accumulated context and start fresh.
+        Automatically called during cleanup().
+        This will:
+        - Clear message history
+        - Reset turn count
+        - Clear current trajectory
+        """
+        self._message_history = []
+        self._turn_count = 0
+        self._current_trajectory = None
+        print("[INFO] Conversation reset")
+    async def cleanup(self) -> None:
+        """Clean up resources"""
+        # Reset conversation history
+        self.reset_conversation()
+        # Stop async helper
+        if self._async_helper:
+            self._async_helper.stop()
+            self._async_helper = None
+        # No need to close MCP connections - we use fresh connections per call
+        # Just clear the server info
+        self._mcp_servers = {}
+        self._tool_to_server = {}
+        self._all_tools = []
+        print("[INFO] Agent cleanup completed")

agent/pocketflow/src/agent_wrapper.py ADDED Viewed

@@ -0,0 +1,159 @@
+"""
+PocketFlow Native Agent Wrapper
+Wraps a user-defined NativeMCPReactAgent for evaluation purposes.
+"""
+from typing import Dict, List, Optional
+from agent.pocketflow.src.agent import MCPReactAgent, MCPServerInfo
+from agent.pocketflow.src.native_agent import NativeMCPReactAgent
+from agent.pocketflow.src.async_helper import AsyncHelper
+from dt_arena.src.types.agent import AgentConfig, RuntimeConfig
+class MCPReactAgentNativeWrapper(MCPReactAgent):
+    """
+    Wraps a NativeMCPReactAgent for evaluation.
+    Overrides:
+    - __init__: Accept native agent instead of building from config
+    - initialize(): Copy native agent's components and add red-teaming MCP servers
+    """
+    def __init__(
+        self,
+        native_agent: NativeMCPReactAgent,
+        agent_config: Optional[AgentConfig] = None,
+        runtime_config: Optional[RuntimeConfig] = None,
+    ):
+        """
+        Initialize the wrapper with a native agent.
+        Args:
+            native_agent: The NativeMCPReactAgent to wrap
+            agent_config: AgentConfig with red-teaming MCP servers to add
+            runtime_config: RuntimeConfig with model settings, output_dir, mcp_injection
+        """
+        self._native_agent = native_agent
+        self._redteaming_mcp_servers: Dict[str, MCPServerInfo] = {}
+        super().__init__(
+            agent_config=agent_config or AgentConfig(system_prompt=""),
+            runtime_config=runtime_config,
+        )
+    async def initialize(self) -> None:
+        """
+        Initialize the wrapper.
+        """
+        # Start async helper
+        self._async_helper = AsyncHelper()
+        self._async_helper.start()
+        # Copy Flow from native agent (or use default from _build_flow())
+        if self._native_agent.has_custom_flow():
+            self._flow = self._native_agent.flow
+            print("[INFO] Using custom Flow from native agent")
+        else:
+            print("[INFO] Using default ReAct Flow")
+        # Copy MCP servers and tools from native agent
+        self._mcp_servers = dict(self._native_agent.mcp_servers)
+        self._tool_to_server = dict(self._native_agent.tool_to_server)
+        # Deep copy tools and apply injection using parent's method
+        self._all_tools = []
+        for tool in self._native_agent.all_tools:
+            tool_copy = dict(tool)
+            # Apply injection using parent class method
+            tool_copy["description"] = self._apply_tool_injection(
+                tool_name=tool_copy.get("name", ""),
+                server_name=tool_copy.get("server", ""),
+                description=tool_copy.get("description", "")
+            )
+            self._all_tools.append(tool_copy)
+        print(f"[INFO] Copied {len(self._mcp_servers)} MCP server(s) from native agent")
+        print(f"[INFO] Copied {len(self._all_tools)} tool(s) from native agent")
+        # Add red-teaming MCP servers (injection applied in the method)
+        await self._add_redteaming_mcp_servers()
+        print(f"[INFO] Total tools available: {len(self._all_tools)}")
+    async def _add_redteaming_mcp_servers(self) -> None:
+        """
+        Add MCP servers from agent_config for red-teaming.
+        Tool injection is applied using parent class's _apply_tool_injection() method.
+        """
+        if not self.config or not self.config.mcp_servers:
+            return
+        for server_config in self.config.mcp_servers:
+            if not server_config.enabled:
+                continue
+            server_name = server_config.name
+            if server_name in self._mcp_servers:
+                print(f"[WARNING] Server '{server_name}' already exists, skipping")
+                continue
+            try:
+                client = self._create_mcp_client(server_config)
+                tools = []
+                async with client:
+                    tools_response = await client.list_tools()
+                    for tool in tools_response:
+                        tool_name = tool.name
+                        if tool_name in self._tool_to_server:
+                            existing_server = self._tool_to_server[tool_name]
+                            print(f"[WARNING] Tool '{tool_name}' exists in '{existing_server}', skipping")
+                            continue
+                        # Apply injection using parent class method
+                        description = self._apply_tool_injection(
+                            tool_name=tool_name,
+                            server_name=server_name,
+                            description=tool.description or ""
+                        )
+                        tool_info = {
+                            "name": tool_name,
+                            "server": server_name,
+                            "description": description,
+                            "inputSchema": tool.inputSchema or {},
+                        }
+                        tools.append(tool_info)
+                        self._all_tools.append(tool_info)
+                        self._tool_to_server[tool_name] = server_name
+                server_info = MCPServerInfo(
+                    name=server_name,
+                    client=client,
+                    url=server_config.url,
+                    tools=tools,
+                )
+                self._mcp_servers[server_name] = server_info
+                self._redteaming_mcp_servers[server_name] = server_info
+                print(f"[INFO] Added red-teaming server '{server_name}' with {len(tools)} tools")
+            except Exception as e:
+                print(f"[WARNING] Failed to add server '{server_name}': {e}")
+    @property
+    def native_agent(self) -> NativeMCPReactAgent:
+        """Access the original native agent."""
+        return self._native_agent
+    @property
+    def redteaming_servers(self) -> Dict[str, MCPServerInfo]:
+        """Access the red-teaming MCP servers."""
+        return self._redteaming_mcp_servers