decodingtrust-agent-sdk 0.1.0__py3-none-any.whl

dt_arena/config/injection_mcp.yaml

@@ -0,0 +1,430 @@
+global:
+  base_dir: ../injection_mcp_server
+  log_dir: ../../logs
+  python_executable: python3
+
+servers:
+  - name: gmail
+    description: Gmail MCP server backed by Mailpit for sandboxed email operations
+    path: gmail/main.py
+    enabled: false
+    env:
+      MAILPIT_BASE_URL: http://128.111.28.87:8025
+      API_PROXY_URL: http://128.111.28.87:8031
+      MAILPIT_SMTP_HOST: http://128.111.28.87
+      MAILPIT_SMTP_PORT: 1025
+      AUTH_API_URL: http://128.111.28.87:8030
+      USER_ACCESS_TOKEN: ""  # Set per-user or leave empty
+    transport: sse
+
+  # Customer Service Environment Injection MCP Server (red-teaming)
+  - name: customer-service-injection
+    target_environment: customer_service
+    description: Customer Service environment injection MCP server for red-teaming (inject case notes, order metadata, policy overrides)
+    path: customer_service/env_injection.py
+    enabled: true
+    env:
+      CS_ENV_INJECTION_MCP_HOST: "localhost"
+      CS_ENV_INJECTION_MCP_PORT: "10316"
+      CS_API_BASE: "http://127.0.0.1:${CUSTOMER_SERVICE_API_PORT}"
+      DATABASE_URL: "postgresql://postgres:password@127.0.0.1:${CUSTOMER_SERVICE_DB_PORT}/customer_service"
+    transport: http
+    command: ["python3", "env_injection.py"]
+
+  # Salesforce Environment Injection MCP Server (red-teaming)
+  - name: salesforce-injection
+    target_environment: salesforce
+    description: Salesforce environment injection MCP server for red-teaming (inject leads, contacts, accounts, opportunities, etc.)
+    path: salesforce/env_injection.py
+    enabled: true
+    env:
+      # Injection Server Port (dynamically allocated)
+      SALESFORCE_ENV_INJECTION_MCP_PORT: "8851"
+
+      # Base URL for SuiteCRM instance (uses dynamic port from Docker environment)
+      SUITECRM_BASE_URL: "http://127.0.0.1:${SALESFORCE_API_PORT}"
+
+      # OAuth2 Grant Type: "password" or "client_credentials"
+      SUITECRM_GRANT_TYPE: "client_credentials"
+
+      # OAuth2 Client Credentials
+      SUITECRM_CLIENT_ID: "17817554-086b-83d1-bf9d-69026221f529"
+      SUITECRM_CLIENT_SECRET: "mcp-secret-123"
+
+      # Password Grant Credentials (when using grant_type="password")
+      SUITECRM_USERNAME: "bitnami"
+      SUITECRM_PASSWORD: "user"
+
+      # Optional: Pre-supplied access token (if already authenticated)
+      SUITECRM_ACCESS_TOKEN: ""
+
+    transport: http
+    # Command to launch the MCP server
+    command: ["python3", "env_injection.py"]
+
+  # Legal Injection MCP Server (red-teaming)
+  # Uses FastMCP and POSTs to main legal server's REST API
+  - name: legal-injection
+    target_environment: legal
+    description: Legal environment injection MCP server for red-teaming (inject cases, statutes, matter data)
+    path: legal/env_injection.py
+    enabled: true
+    env:
+      LEGAL_ENV_INJECTION_MCP_HOST: "localhost"
+      LEGAL_ENV_INJECTION_MCP_PORT: "8864"
+      LEGAL_HOST: "127.0.0.1"
+      LEGAL_PORT: "${LEGAL_WEB_PORT}"
+    transport: http
+    command: ["python3", "env_injection.py"]
+
+  # Finance Injection MCP Server (red-teaming)
+  - name: finance-injection
+    target_environment: finance
+    description: Finance injection MCP server for prompt injection in finance web
+    path: finance/env_injection.py
+    enabled: true
+    env:
+      PORT: "8863"
+      FINANCE_WEB_URL: "http://127.0.0.1:${FINANCE_WEB_PORT}"
+    transport: http
+    command: ["python3", "env_injection.py", "--port", "$PORT", "--web-url", "$FINANCE_WEB_URL"]
+
+  # OS-Filesystem Injection MCP Server (for red-teaming)
+  - name: os-filesystem-injection
+    description: OS-Filesystem environment injection MCP server for red-teaming
+    path: os-filesystem/env_injection.py
+    enabled: true
+    env:
+      FILESYSTEM_API_HOST: "127.0.0.1"
+      FILESYSTEM_API_PORT: "${OS_FILESYSTEM_API_PORT}"
+      USER_ACCESS_TOKEN: ""  # Set per-session
+      OS_FILESYSTEM_INJECTION_MCP_HOST: "localhost"
+      OS_FILESYSTEM_INJECTION_MCP_PORT: "10306"
+    transport: http
+    command: ["python3", "env_injection.py"]
+
+  # Gmail Environment Injection MCP Server (red-teaming)
+  - name: gmail-injection
+    target_environment: gmail
+    description: Gmail environment injection MCP server for red-teaming (inject emails via SMTP)
+    path: gmail/env_injection.py
+    enabled: true
+    env:
+      GMAIL_ENV_INJECTION_MCP_HOST: "localhost"
+      GMAIL_ENV_INJECTION_MCP_PORT: "8870"
+      GMAIL_SMTP_HOST: "127.0.0.1"
+      GMAIL_SMTP_PORT: "${GMAIL_SMTP_PORT}"
+    transport: http
+    command: ["python3", "env_injection.py"]
+
+  # Slack Environment Injection MCP Server (red-teaming)
+  - name: slack-injection
+    target_environment: slack
+    description: Slack environment injection MCP server for red-teaming (inject messages, DMs)
+    path: slack/env_injection.py
+    enabled: true
+    env:
+      SLACK_ENV_INJECTION_MCP_HOST: "localhost"
+      SLACK_ENV_INJECTION_MCP_PORT: "8871"
+      SLACK_API_URL: "http://127.0.0.1:${SLACK_API_PORT}"
+    transport: http
+    command: ["python3", "env_injection.py"]
+
+  # Calendar Environment Injection MCP Server (red-teaming)
+  - name: calendar-injection
+    target_environment: calendar
+    description: Calendar environment injection MCP server for red-teaming (inject calendar events)
+    path: calendar/env_injection.py
+    enabled: true
+    env:
+      CALENDAR_ENV_INJECTION_MCP_HOST: "localhost"
+      CALENDAR_ENV_INJECTION_MCP_PORT: "8872"
+      CALENDAR_API_URL: "http://127.0.0.1:${CALENDAR_API_PORT}"
+      CALENDAR_ACCESS_TOKEN: "tok_Calendar_Tom_v1"  # Fixed token for sandbox
+    transport: http
+    command: ["python3", "env_injection.py"]
+
+  # Zoom Environment Injection MCP Server (red-teaming)
+  - name: zoom-injection
+    target_environment: zoom
+    description: Zoom environment injection MCP server for red-teaming (inject meetings)
+    path: zoom/env_injection.py
+    enabled: true
+    env:
+      ZOOM_ENV_INJECTION_MCP_HOST: "localhost"
+      ZOOM_ENV_INJECTION_MCP_PORT: "8873"
+      ZOOM_API_URL: "http://127.0.0.1:${ZOOM_API_PORT}"
+      ZOOM_ACCESS_TOKEN: "tok_Zoom_Tom_v1"  # Fixed token for sandbox
+    transport: http
+    command: ["python3", "env_injection.py"]
+
+  # Google Docs Environment Injection MCP Server (red-teaming)
+  - name: googledocs-injection
+    description: Google Docs environment injection MCP server for red-teaming (seed documents, comments, content)
+    path: googledocs/env_injection.py
+    enabled: true
+    env:
+      GOOGLEDOCS_ENV_INJECTION_MCP_HOST: "localhost"
+      GOOGLEDOCS_ENV_INJECTION_MCP_PORT: "8879"
+      GOOGLEDOCS_API_URL: "http://127.0.0.1:${GOOGLEDOCS_API_PORT}"
+      GOOGLEDOCS_USER_ACCESS_TOKEN: "tok_GDocs_Tom_v1"  # Default victim token; override per-task if needed
+    transport: http
+    command: ["python3", "env_injection.py"]
+
+  # WhatsApp Environment Injection MCP Server (red-teaming)
+  - name: whatsapp-injection
+    description: WhatsApp environment injection MCP server for red-teaming (inject messages into the victim's chat threads)
+    path: whatsapp/env_injection.py
+    enabled: true
+    env:
+      WHATSAPP_ENV_INJECTION_MCP_HOST: "localhost"
+      WHATSAPP_ENV_INJECTION_MCP_PORT: "8872"
+      WHATSAPP_API_URL: "http://127.0.0.1:${WHATSAPP_API_PORT}"
+      WHATSAPP_USER_ACCESS_TOKEN: "tok_WhatsApp_Tom_v1"  # Default victim token; override per-task if needed
+    transport: http
+    command: ["python3", "env_injection.py"]
+
+  # Google Form Environment Injection MCP Server (red-teaming)
+  - name: google-form-injection
+    target_environment: google-form
+    description: Google Form environment injection MCP server for red-teaming (inject form responses)
+    path: google_form/env_injection.py
+    enabled: true
+    env:
+      FORM_ENV_INJECTION_MCP_HOST: "localhost"
+      FORM_ENV_INJECTION_MCP_PORT: "8874"
+      FORM_API_URL: "http://127.0.0.1:${GOOGLE_FORM_API_PORT}"
+    transport: http
+    command: ["python3", "env_injection.py"]
+
+  - name: googlesheets-injection
+    description: Google Sheets environment injection MCP server for red-teaming
+    path: googlesheets/env_injection.py
+    enabled: true
+    env:
+      GOOGLESHEETS_ENV_INJECTION_MCP_HOST: "localhost"
+      GOOGLESHEETS_ENV_INJECTION_MCP_PORT: "8881"
+      GOOGLESHEETS_API_URL: "http://127.0.0.1:${GOOGLESHEETS_API_PORT}"
+      GOOGLESHEETS_USER_ACCESS_TOKEN: "tok_GSheets_Alice_v1"
+    transport: http
+    command: ["python3", "env_injection.py"]
+
+  - name: googledrive-injection
+    description: Google Drive environment injection MCP server for red-teaming
+    path: googledrive/env_injection.py
+    enabled: true
+    env:
+      GOOGLEDRIVE_ENV_INJECTION_MCP_HOST: "localhost"
+      GOOGLEDRIVE_ENV_INJECTION_MCP_PORT: "8882"
+      GOOGLEDRIVE_API_URL: "http://127.0.0.1:${GOOGLEDRIVE_API_PORT}"
+      GOOGLEDRIVE_USER_ACCESS_TOKEN: "tok_GDrive_Alice_v1"
+    transport: http
+    command: ["python3", "env_injection.py"]
+
+  # Snowflake Environment Injection MCP Server (red-teaming)
+  # Note: Snowflake uses PostgreSQL port, not a separate API port
+  - name: snowflake-injection
+    target_environment: snowflake
+    description: Snowflake environment injection MCP server for red-teaming (inject data records)
+    path: snowflake/env_injection.py
+    enabled: true
+    env:
+      SNOWFLAKE_ENV_INJECTION_MCP_HOST: "localhost"
+      SNOWFLAKE_ENV_INJECTION_MCP_PORT: "8875"
+      SNOWFLAKE_PG_PORT: "${SNOWFLAKE_PG_PORT}"
+      SNOWFLAKE_POSTGRES_DSN: "postgresql://snow:snow@127.0.0.1:${SNOWFLAKE_PG_PORT}/snowdb"
+    transport: http
+    command: ["python3", "env_injection.py"]
+
+  # Databricks Environment Injection MCP Server (red-teaming)
+  # Note: Databricks uses PostgreSQL port, not a separate API port
+  - name: databricks-injection
+    target_environment: databricks
+    description: Databricks environment injection MCP server for red-teaming (inject data, notebooks)
+    path: databricks/env_injection.py
+    enabled: true
+    env:
+      DATABRICKS_ENV_INJECTION_MCP_HOST: "localhost"
+      DATABRICKS_ENV_INJECTION_MCP_PORT: "8876"
+      DATABRICKS_PG_PORT: "${DATABRICKS_PG_PORT}"
+    transport: http
+    command: ["python3", "env_injection.py"]
+
+  # PayPal Environment Injection MCP Server (red-teaming)
+  - name: paypal-injection
+    target_environment: paypal
+    description: PayPal environment injection MCP server for red-teaming (inject transactions, payment requests)
+    path: paypal/env_injection.py
+    enabled: true
+    env:
+      PAYPAL_ENV_INJECTION_MCP_HOST: "localhost"
+      PAYPAL_ENV_INJECTION_MCP_PORT: "8877"
+      PAYPAL_API_URL: "http://127.0.0.1:${PAYPAL_API_PORT}"
+    transport: http
+    command: ["python3", "env_injection.py"]
+
+  # Ecommerce Environment Injection MCP Server (red-teaming)
+  - name: ecommerce-injection
+    description: Ecommerce environment injection MCP server for red-teaming
+    path: ecommerce/env_injection.py
+    enabled: true
+    env:
+      ECOMMERCE_ENV_INJECTION_MCP_HOST: "localhost"
+      ECOMMERCE_ENV_INJECTION_MCP_PORT: "8878"
+      ECOMMERCE_UI_URL: "http://127.0.0.1:${ECOMMERCE_UI_PORT}"
+    transport: http
+    command: ["python", "env_injection.py"]
+
+  # Custom Website Environment Injection MCP Server (red-teaming)
+  - name: custom-website-injection
+    description: Custom Website environment injection MCP server for red-teaming
+    path: custom_website/env_injection.py
+    enabled: true
+    env:
+      CUSTOM_WEBSITE_ENV_INJECTION_MCP_HOST: "localhost"
+      CUSTOM_WEBSITE_ENV_INJECTION_MCP_PORT: "8879"
+      CUSTOM_WEBSITE_UI_URL: "http://127.0.0.1:${CUSTOM_WEBSITE_UI_PORT}"
+    transport: http
+    command: ["python", "env_injection.py"]
+
+  # Travel Environment Injection MCP Server (red-teaming)
+  - name: travel-injection
+    target_environment: travel
+    description: Travel environment injection MCP server for red-teaming (inject travel bookings)
+    path: travel/env_injection.py
+    enabled: true
+    env:
+      TRAVEL_ENV_INJECTION_MCP_HOST: "localhost"
+      TRAVEL_ENV_INJECTION_MCP_PORT: "10305"
+      TRAVEL_PORT: "${TRAVEL_PORT}"
+    transport: http
+    command: ["python3", "env_injection.py"]
+
+  # Telecom Environment Injection MCP Server (red-teaming)
+  - name: telecom-injection
+    description: Telecom environment injection MCP server for red-teaming (inject forum, account, bill, order, ticket data)
+    path: telecom/env_injection.py
+    enabled: true
+    env:
+      TELECOM_ENV_INJECTION_MCP_HOST: "localhost"
+      TELECOM_ENV_INJECTION_MCP_PORT: "10306"
+      TELECOM_HOST: "127.0.0.1"
+      TELECOM_PORT: "${TELECOM_PORT}"
+    transport: http
+    command: ["python3", "env_injection.py"]
+
+  # Atlassian Environment Injection MCP Server (red-teaming)
+  - name: atlassian-injection
+    target_environment: atlassian
+    description: Atlassian environment injection MCP server for red-teaming (inject Jira issues, Confluence pages)
+    path: atlassian/env_injection.py
+    enabled: true
+    env:
+      ATLASSIAN_ENV_INJECTION_MCP_HOST: "localhost"
+      ATLASSIAN_ENV_INJECTION_MCP_PORT: "8878"
+      ATLASSIAN_API_URL: "http://127.0.0.1:${ATLASSIAN_API_PORT}"
+      ATLASSIAN_ACCESS_TOKEN: "tok_Atlassian_Tom_v1"  # Fixed token for sandbox
+    transport: http
+    command: ["python3", "env_injection.py"]
+
+  # Terminal Environment Injection MCP Server (red-teaming)
+  - name: terminal-injection
+    target_environment: terminal
+    description: Terminal environment injection MCP server for red-teaming (inject files and content into codebase)
+    path: terminal/env_injection.py
+    enabled: true
+    env:
+      TERMINAL_ENV_INJECTION_MCP_HOST: "localhost"
+      TERMINAL_ENV_INJECTION_MCP_PORT: "8842"
+      TERMINAL_PROJECT_NAME: "${PROJECT_NAME}"
+    transport: http
+    command: ["python3", "env_injection.py"]
+
+  # Research Environment Injection MCP Server (red-teaming)
+  - name: research-injection
+    description: Research environment injection MCP server for red-teaming (inject README, paper notes, fake papers, and HTML metadata)
+    path: research/env_injection.py
+    enabled: true
+    env:
+      RESEARCH_ENV_INJECTION_MCP_HOST: "localhost"
+      RESEARCH_ENV_INJECTION_MCP_PORT: "8847"
+      # RESEARCH_CONTAINER_NAME: ""  # Removed: empty string overrides inherited parent env var
+      # TASK_DOCKER_CLIENT_CONTAINER_NAME: ""  # Removed: inherited from parent process (set by evaluation.py)
+      ARXIV_API_URL: "http://localhost:8034"
+      DOCKER_HOST: "unix:///var/run/docker.sock"
+    transport: http
+    command: ["python3", "env_injection.py"]
+    
+  # Telegram Environment Injection MCP Server (red-teaming)
+  - name: telegram-injection
+    target_environment: telegram
+    description: Telegram environment injection MCP server for red-teaming (inject messages, contacts)
+    path: telegram/env_injection.py
+    enabled: true
+    env:
+      TELEGRAM_ENV_INJECTION_MCP_HOST: "localhost"
+      TELEGRAM_ENV_INJECTION_MCP_PORT: "8880"
+      TELEGRAM_API_URL: "http://127.0.0.1:${TELEGRAM_API_PORT}"
+      TELEGRAM_ADMIN_TOKEN: "tok_Telegram_Admin_v1"
+    transport: http
+    command: ["python3", "env_injection.py"]
+  - name: github-injection
+    target_environment: github
+    description: GitHub environment injection MCP server for red-teaming (inject repos, branches, commits, PRs, comments)
+    path: github/env_injection.py
+    enabled: true
+    env:
+      GITHUB_ENV_INJECTION_MCP_HOST: "localhost"
+      GITHUB_ENV_INJECTION_MCP_PORT: "8880"
+      GITHUB_API_URL: "http://127.0.0.1:${GITHUB_API_PORT}"
+      GITHUB_ACCESS_TOKEN: ""
+      GITHUB_ADMIN_LOGIN: "admin"
+      GITHUB_ADMIN_PASSWORD: "admin123"
+    transport: http
+    command: ["uv", "run", "python", "env_injection.py"]
+
+  # Windows Environment Injection MCP Server (red-teaming)
+  # Proxies to two in-VM services:
+  #   - Windows MCP API (PowerShell, app launch, file I/O)
+  #   - Office Service API (Word, Excel, PowerPoint)
+  - name: windows-injection
+    description: Windows environment injection MCP server for red-teaming (files, registry, Office docs)
+    path: windows/env_injection.py
+    enabled: true
+    env:
+      WINDOWS_INJECTION_MCP_HOST: "localhost"
+      WINDOWS_INJECTION_MCP_PORT: "8879"
+      WINDOWS_API_HOST: "127.0.0.1"
+      WINDOWS_API_PORT: "${MCP_SERVICE_PORT}"
+      OFFICE_API_HOST: "127.0.0.1"
+      OFFICE_API_PORT: "${OFFICE_SERVICE_PORT}"
+    transport: http
+    command: ["python3", "env_injection.py"]
+
+  # macOS Environment Injection MCP Server (red-teaming)
+  # Proxies to macOS FastAPI backend (SSH shell, VNC, file I/O)
+  - name: macos-injection
+    description: macOS environment injection MCP server for red-teaming (files, shell, plist, cron)
+    path: macos/env_injection.py
+    enabled: true
+    env:
+      MACOS_INJECTION_MCP_HOST: "localhost"
+      MACOS_INJECTION_MCP_PORT: "8881"
+      MACOS_API_HOST: "127.0.0.1"
+      MACOS_API_PORT: "${MCP_SERVICE_PORT}"
+    transport: http
+    command: ["python3", "env_injection.py"]
+
+  # Hospital Environment Injection MCP Server (red-teaming)
+  - name: hospital-env-injection
+    target_environment: hospital
+    description: Hospital environment injection MCP server for red-teaming (inject test results)
+    path: hospital/env_injection.py
+    enabled: true
+    env:
+      HOSPITAL_ENV_INJECTION_MCP_HOST: "localhost"
+      HOSPITAL_ENV_INJECTION_MCP_PORT: "12005"
+      HOSPITAL_HOST: "127.0.0.1"
+      HOSPITAL_PORT: "${HOSPITAL_PORT}"
+    transport: http
+    command: ["python", "env_injection.py"]