PyPI - hackagent - Versions diffs - 0.6.0__tar.gz → 0.9.1__tar.gz - Mend

hackagent 0.6.0tar.gz → 0.9.1tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (303) hide show

{hackagent-0.6.0 → hackagent-0.9.1}/.gitignore RENAMED Viewed

@@ -132,10 +132,6 @@ venv.bak/
 .dmypy.json
 dmypy.json
-tests/test_with_cineca_judge
-db_index/
-# BoN reference codebase (cloned repo, not imported)
-hackagent/attacks/techniques/bon/original_codebase/
-ATTACK_INTEGRATION_HANDOUT.md
+.copilotignore
+tests/e2e/attacks/

hackagent-0.9.1/PKG-INFO ADDED Viewed

@@ -0,0 +1,154 @@
+Metadata-Version: 2.4
+Name: hackagent
+Version: 0.9.1
+Summary: HackAgent is an open-source security toolkit to detect vulnerabilities of your AI Agents.
+Author-email: AI Security Lab <ais@ai4i.it>
+License: Apache-2.0
+License-File: LICENSE
+Keywords: agents,ai,security,testing,vulnerabilities
+Classifier: Development Status :: 4 - Beta
+Classifier: Intended Audience :: Developers
+Classifier: License :: OSI Approved :: Apache Software License
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Programming Language :: Python :: 3.13
+Requires-Python: >=3.10
+Requires-Dist: click>=8.1.0
+Requires-Dist: datasets>=2.14.0
+Requires-Dist: faiss-cpu>=1.13.2
+Requires-Dist: httpx>=0.27.0
+Requires-Dist: litellm>=1.69.2
+Requires-Dist: nicegui>=2.0
+Requires-Dist: openai>=1.0.0
+Requires-Dist: pydantic[email]>=2.0
+Requires-Dist: python-dateutil>=2.8.0
+Requires-Dist: pyyaml>=6.0.0
+Requires-Dist: requests>=2.31.0
+Requires-Dist: rich>=14.0.0
+Requires-Dist: textual>=1.0.0
+Description-Content-Type: text/markdown
+<div align="center">
+<p align="center">
+  <img src="https://docs.hackagent.dev/img/banner.svg" alt="HackAgent - AI Agent Security Testing Toolkit" width="800">
+</p>
+  <strong>AI Security Red-Team Toolkit</strong>
+<br>
+[App](https://app.hackagent.dev/) -- [Docs](https://docs.hackagent.dev/) -- [API](https://api.hackagent.dev/schema/redoc)
+<br>
+![Python Version](https://img.shields.io/badge/python-3.10%2B-blue)
+![License](https://img.shields.io/badge/license-Apache%202.0-green)
+![uv](https://img.shields.io/endpoint?url=https://raw.githubusercontent.com/astral-sh/uv/main/assets/badge/v0.json)
+[![Commitizen](https://img.shields.io/badge/commitizen-friendly-brightgreen.svg)](http://commitizen.github.io/cz-cli/)
+![Ruff](https://img.shields.io/endpoint?url=https://raw.githubusercontent.com/astral-sh/ruff/main/assets/badge/v2.json)
+![Test Coverage](https://img.shields.io/codecov/c/github/AISecurityLab/hackagent)
+![CI Status](https://img.shields.io/github/actions/workflow/status/AISecurityLab/hackagent/ci.yml)
+</div>
+## What is HackAgent?
+HackAgent is a comprehensive Python SDK and CLI designed to help security researchers, developers, and AI safety practitioners evaluate and strengthen the security of AI agents.
+As AI agents become more powerful and autonomous, they face security challenges that traditional testing tools cannot address:
+| Threat | Description |
+|--------|-------------|
+| **Prompt Injection** | Malicious inputs that hijack agent behavior |
+| **Jailbreaking** | Bypassing safety guardrails and content filters |
+| **Goal Hijacking** | Manipulating agents to pursue unintended objectives |
+| **Tool Misuse** | Exploiting agent capabilities for unauthorized actions |
+HackAgent automates testing for these vulnerabilities using research-backed attack techniques, helping you identify and fix security issues before they are exploited.
+<div align="center">
+  <img src="docs/static/gifs/terminal.gif" alt="HackAgent CLI Demo" width="100%" />
+  <p><em>Interactive TUI with real-time attack progress and visual reporting.</em></p>
+</div>
+## Get Started Now
+### Quick Install
+```bash
+python3 -m venv .venv
+source .venv/bin/activate
+pip install hackagent
+```
+No API key required: HackAgent works locally out of the box.
+Questions? Join [community discussions](https://github.com/AISecurityLab/hackagent/discussions) or email ais@ai4i.it.
+## Architecture
+HackAgent uses a modular pipeline to test agent robustness end-to-end.
+| Component | Description |
+|-----------|-------------|
+| **Attack Engine** | Orchestrates attacks using AdvPrefix, AutoDAN-Turbo, PAIR, TAP, FlipAttack, BoN, h4rm3l, CipherChat, PAP, and Baseline |
+| **Generator** | LLM role that creates adversarial prompts to test the target agent |
+| **Judge** | LLM role that evaluates whether attacks bypass safety measures |
+| **Target Agent** | Your AI agent under test across supported frameworks |
+| **Datasets** | Pre-built benchmark presets plus custom HuggingFace/file datasets |
+## Supported Frameworks
+[![Google ADK](https://img.shields.io/badge/Google-ADK-green?style=for-the-badge&logo=google)](https://google.github.io/adk-docs/)
+[![OpenAI SDK](https://img.shields.io/badge/OpenAI-SDK-412991?style=for-the-badge&logo=openai)](https://platform.openai.com/docs)
+[![LiteLLM](https://img.shields.io/badge/LiteLLM-blue?style=for-the-badge&logo=github)](https://github.com/BerriAI/litellm)
+[![LangChain](https://img.shields.io/badge/LangChain-1C3C3C?style=for-the-badge)](https://python.langchain.com)
+## Reporting
+HackAgent supports both local and remote reporting.
+- Local mode stores test results in SQLite and includes a built-in dashboard.
+- Cloud mode syncs runs to the HackAgent remote platform when an API key is configured.
+```bash
+hackagent web
+```
+Access cloud reporting at [https://app.hackagent.dev](https://app.hackagent.dev).
+## Responsible Use
+HackAgent is designed for authorized security testing only. Always obtain explicit permission before testing any AI system.
+### Do
+- Test your own agents
+- Conduct authorized pentesting
+- Follow coordinated disclosure
+- Share security knowledge responsibly
+### Don't
+- Test systems without permission
+- Exploit vulnerabilities maliciously
+- Violate terms of service
+- Share harmful exploit instructions irresponsibly
+Read the full guidelines: [Responsible Disclosure](docs/docs/security/responsible-disclosure.md)
+## Contributing
+Contributions are welcome. See [CONTRIBUTING.md](CONTRIBUTING.md) and [CODE_OF_CONDUCT.md](CODE_OF_CONDUCT.md).
+## License
+Licensed under Apache-2.0. See [LICENSE](LICENSE).
+## Disclaimer
+HackAgent is intended for security research and AI safety improvement. The authors are not responsible for misuse.

hackagent-0.9.1/README.md ADDED Viewed

@@ -0,0 +1,122 @@
+<div align="center">
+<p align="center">
+  <img src="https://docs.hackagent.dev/img/banner.svg" alt="HackAgent - AI Agent Security Testing Toolkit" width="800">
+</p>
+  <strong>AI Security Red-Team Toolkit</strong>
+<br>
+[App](https://app.hackagent.dev/) -- [Docs](https://docs.hackagent.dev/) -- [API](https://api.hackagent.dev/schema/redoc)
+<br>
+![Python Version](https://img.shields.io/badge/python-3.10%2B-blue)
+![License](https://img.shields.io/badge/license-Apache%202.0-green)
+![uv](https://img.shields.io/endpoint?url=https://raw.githubusercontent.com/astral-sh/uv/main/assets/badge/v0.json)
+[![Commitizen](https://img.shields.io/badge/commitizen-friendly-brightgreen.svg)](http://commitizen.github.io/cz-cli/)
+![Ruff](https://img.shields.io/endpoint?url=https://raw.githubusercontent.com/astral-sh/ruff/main/assets/badge/v2.json)
+![Test Coverage](https://img.shields.io/codecov/c/github/AISecurityLab/hackagent)
+![CI Status](https://img.shields.io/github/actions/workflow/status/AISecurityLab/hackagent/ci.yml)
+</div>
+## What is HackAgent?
+HackAgent is a comprehensive Python SDK and CLI designed to help security researchers, developers, and AI safety practitioners evaluate and strengthen the security of AI agents.
+As AI agents become more powerful and autonomous, they face security challenges that traditional testing tools cannot address:
+| Threat | Description |
+|--------|-------------|
+| **Prompt Injection** | Malicious inputs that hijack agent behavior |
+| **Jailbreaking** | Bypassing safety guardrails and content filters |
+| **Goal Hijacking** | Manipulating agents to pursue unintended objectives |
+| **Tool Misuse** | Exploiting agent capabilities for unauthorized actions |
+HackAgent automates testing for these vulnerabilities using research-backed attack techniques, helping you identify and fix security issues before they are exploited.
+<div align="center">
+  <img src="docs/static/gifs/terminal.gif" alt="HackAgent CLI Demo" width="100%" />
+  <p><em>Interactive TUI with real-time attack progress and visual reporting.</em></p>
+</div>
+## Get Started Now
+### Quick Install
+```bash
+python3 -m venv .venv
+source .venv/bin/activate
+pip install hackagent
+```
+No API key required: HackAgent works locally out of the box.
+Questions? Join [community discussions](https://github.com/AISecurityLab/hackagent/discussions) or email ais@ai4i.it.
+## Architecture
+HackAgent uses a modular pipeline to test agent robustness end-to-end.
+| Component | Description |
+|-----------|-------------|
+| **Attack Engine** | Orchestrates attacks using AdvPrefix, AutoDAN-Turbo, PAIR, TAP, FlipAttack, BoN, h4rm3l, CipherChat, PAP, and Baseline |
+| **Generator** | LLM role that creates adversarial prompts to test the target agent |
+| **Judge** | LLM role that evaluates whether attacks bypass safety measures |
+| **Target Agent** | Your AI agent under test across supported frameworks |
+| **Datasets** | Pre-built benchmark presets plus custom HuggingFace/file datasets |
+## Supported Frameworks
+[![Google ADK](https://img.shields.io/badge/Google-ADK-green?style=for-the-badge&logo=google)](https://google.github.io/adk-docs/)
+[![OpenAI SDK](https://img.shields.io/badge/OpenAI-SDK-412991?style=for-the-badge&logo=openai)](https://platform.openai.com/docs)
+[![LiteLLM](https://img.shields.io/badge/LiteLLM-blue?style=for-the-badge&logo=github)](https://github.com/BerriAI/litellm)
+[![LangChain](https://img.shields.io/badge/LangChain-1C3C3C?style=for-the-badge)](https://python.langchain.com)
+## Reporting
+HackAgent supports both local and remote reporting.
+- Local mode stores test results in SQLite and includes a built-in dashboard.
+- Cloud mode syncs runs to the HackAgent remote platform when an API key is configured.
+```bash
+hackagent web
+```
+Access cloud reporting at [https://app.hackagent.dev](https://app.hackagent.dev).
+## Responsible Use
+HackAgent is designed for authorized security testing only. Always obtain explicit permission before testing any AI system.
+### Do
+- Test your own agents
+- Conduct authorized pentesting
+- Follow coordinated disclosure
+- Share security knowledge responsibly
+### Don't
+- Test systems without permission
+- Exploit vulnerabilities maliciously
+- Violate terms of service
+- Share harmful exploit instructions irresponsibly
+Read the full guidelines: [Responsible Disclosure](docs/docs/security/responsible-disclosure.md)
+## Contributing
+Contributions are welcome. See [CONTRIBUTING.md](CONTRIBUTING.md) and [CODE_OF_CONDUCT.md](CODE_OF_CONDUCT.md).
+## License
+Licensed under Apache-2.0. See [LICENSE](LICENSE).
+## Disclaimer
+HackAgent is intended for security research and AI safety improvement. The authors are not responsible for misuse.

{hackagent-0.6.0 → hackagent-0.9.1}/hackagent/__init__.py RENAMED Viewed

@@ -1,12 +1,15 @@
 # Copyright 2026 - AI4I. All rights reserved.
 # SPDX-License-Identifier: Apache-2.0
-"""A client library for accessing HackAgent API"""
+"""A client library for HackAgent — AI Agent Security Testing"""
 from .agent import HackAgent
-from .client import AuthenticatedClient, Client
+from .server.client import AuthenticatedClient, Client
 from .logger import setup_package_logging
 from .router.types import AgentTypeEnum
+from .server.storage.base import StorageBackend
+from .server.storage.local import LocalBackend
+from .server.storage.remote import RemoteBackend
 # Configure RichHandler for all hackagent.* loggers on first import.
 setup_package_logging()
@@ -16,4 +19,7 @@ __all__ = (
     "AuthenticatedClient",
     "Client",
     "HackAgent",
+    "LocalBackend",
+    "RemoteBackend",
+    "StorageBackend",
 )

{hackagent-0.6.0 → hackagent-0.9.1}/hackagent/agent.py RENAMED Viewed

@@ -5,7 +5,6 @@ from hackagent.logger import get_logger
 from typing import TYPE_CHECKING, Any, Dict, Optional, Union
 from hackagent import utils
-from hackagent.client import AuthenticatedClient
 from hackagent.errors import HackAgentError
 from hackagent.router import AgentRouter
 from hackagent.router.types import AgentTypeEnum
@@ -17,6 +16,22 @@ if TYPE_CHECKING:
 logger = get_logger(__name__)
+def _resolve_target_config(target_config: Optional[Dict[str, Any]]) -> Dict[str, Any]:
+    """Return normalized victim request defaults for the configured router."""
+    from hackagent.attacks.techniques.config import default_target
+    resolved = default_target()
+    if not target_config:
+        return resolved
+    merged = {key: value for key, value in target_config.items() if value is not None}
+    if "request_timeout" in merged and "timeout" not in merged:
+        merged["timeout"] = merged.pop("request_timeout")
+    resolved.update(merged)
+    return resolved
 class HackAgent:
     """
     The primary client for orchestrating security assessments with HackAgent.
@@ -28,12 +43,11 @@ class HackAgent:
     - Executing automated security tests against the configured agents.
     - Retrieving and handling test results.
-    It encapsulates complexities such as API authentication, agent registration
-    with the backend (via `AgentRouter`), and the dynamic dispatch of various
+    It encapsulates complexities such as agent registration
+    with the local backend (via `AgentRouter`), and the dynamic dispatch of various
     attack methodologies.
     Attributes:
-        client: An `AuthenticatedClient` instance for API communication.
         router: An `AgentRouter` instance managing the agent's representation
             in the HackAgent backend.
         attack_strategies: A dictionary mapping strategy names to their
@@ -50,12 +64,13 @@ class HackAgent:
         raise_on_unexpected_status: bool = False,
         timeout: Optional[float] = None,
         metadata: Optional[Dict[str, Any]] = None,
+        target_config: Optional[Dict[str, Any]] = None,
         adapter_operational_config: Optional[Dict[str, Any]] = None,
     ):
         """
         Initializes the HackAgent client and prepares it for interaction.
-        This constructor sets up the authenticated API client, loads default
+        This constructor sets up the local storage backend, loads default
         prompts, resolves the agent type, and initializes the agent router
         to ensure the agent is known to the backend. It also prepares available
         attack strategies.
@@ -73,10 +88,6 @@ class HackAgent:
                 String values are automatically converted to the corresponding
                 `AgentTypeEnum` member. Defaults to `AgentTypeEnum.UNKNOWN` if
                 not specified or if an invalid string is provided.
-            base_url: The base URL for the HackAgent API service.
-            api_key: The API key for authenticating with the HackAgent API.
-                If omitted, the client will attempt to retrieve it from the
-                config file (~/.config/hackagent/config.json).
             raise_on_unexpected_status: If set to `True`, the API client will
                 raise an exception for any HTTP status codes that are not typically
                 expected for a successful operation. Defaults to `False`.
@@ -84,32 +95,69 @@ class HackAgent:
                 authenticated client. Defaults to `None` (which might mean a
                 default timeout from the underlying HTTP library is used).
             metadata: Optional dictionary containing agent-specific metadata.
+            target_config: Optional default request settings for the configured
+                victim model. This is the preferred place to define target-side
+                generation defaults such as `max_tokens`, `temperature`,
+                and `timeout`.
             adapter_operational_config: Optional configuration for the agent adapter.
         """
         resolved_auth_token = utils.resolve_api_token(direct_api_key_param=api_key)
-        # Use default base_url if not provided
-        if base_url is None:
-            base_url = "https://api.hackagent.dev"
+        if resolved_auth_token:
+            from hackagent.server.client import AuthenticatedClient
+            from hackagent.server.storage.remote import RemoteBackend
-        self.client = AuthenticatedClient(
-            base_url=base_url,
-            token=resolved_auth_token,
-            prefix="Bearer",
-            raise_on_unexpected_status=raise_on_unexpected_status,
-            timeout=timeout,
-        )
+            _base_url = base_url or "https://api.hackagent.dev"
+            _client = AuthenticatedClient(
+                base_url=_base_url,
+                token=resolved_auth_token,
+                prefix="Bearer",
+                raise_on_unexpected_status=raise_on_unexpected_status,
+                timeout=timeout,
+            )
+            self.backend = RemoteBackend(_client)
+            logger.info("HackAgent using remote backend → %s", _base_url)
+        else:
+            from hackagent.server.storage.local import LocalBackend
+            self.backend = LocalBackend()
+            logger.info(
+                "HackAgent using local backend → ~/.local/share/hackagent/hackagent.db"
+            )
+        # Backward compatible raw HTTP client reference.
+        self.client = getattr(self.backend, "_client", None)
         processed_agent_type = utils.resolve_agent_type(agent_type)
+        self.target_config = _resolve_target_config(target_config)
+        explicit_target_config = (
+            {
+                key: value
+                for key, value in (target_config or {}).items()
+                if value is not None
+            }
+            if target_config
+            else {}
+        )
+        router_metadata = {
+            key: value
+            for key, value in {**(metadata or {}), **explicit_target_config}.items()
+            if value is not None
+        }
+        router_operational_config = {
+            **self.target_config,
+            **(adapter_operational_config or {}),
+        }
         self.router = AgentRouter(
-            client=self.client,
-            name=name,
+            backend=self.backend,
+            name=name or endpoint,  # fall back to endpoint if no name provided
             agent_type=processed_agent_type,
             endpoint=endpoint,
-            metadata=metadata,
-            adapter_operational_config=adapter_operational_config,
+            metadata=router_metadata,
+            adapter_operational_config=router_operational_config,
         )
         # Attack strategies are lazy-loaded to improve startup time
@@ -125,19 +173,25 @@ class HackAgent:
                 AutoDANTurboOrchestrator,
                 BaselineOrchestrator,
                 BoNOrchestrator,
+                CipherChatOrchestrator,
+                H4rm3lOrchestrator,
+                PAPOrchestrator,
                 PAIROrchestrator,
                 FlipAttackOrchestrator,
                 TAPOrchestrator,
             )
             self._attack_strategies = {
-                "advprefix": AdvPrefixOrchestrator(hack_agent=self),
-                "autodan_turbo": AutoDANTurboOrchestrator(hack_agent=self),
-                "baseline": BaselineOrchestrator(hack_agent=self),
-                "bon": BoNOrchestrator(hack_agent=self),
-                "pair": PAIROrchestrator(hack_agent=self),
-                "flipattack": FlipAttackOrchestrator(hack_agent=self),
-                "tap": TAPOrchestrator(hack_agent=self),
+                "advprefix": AdvPrefixOrchestrator(hackagent_agent=self),
+                "autodan_turbo": AutoDANTurboOrchestrator(hackagent_agent=self),
+                "baseline": BaselineOrchestrator(hackagent_agent=self),
+                "bon": BoNOrchestrator(hackagent_agent=self),
+                "cipherchat": CipherChatOrchestrator(hackagent_agent=self),
+                "pair": PAIROrchestrator(hackagent_agent=self),
+                "flipattack": FlipAttackOrchestrator(hackagent_agent=self),
+                "tap": TAPOrchestrator(hackagent_agent=self),
+                "h4rm3l": H4rm3lOrchestrator(hackagent_agent=self),
+                "pap": PAPOrchestrator(hackagent_agent=self),
             }
         return self._attack_strategies
@@ -177,7 +231,7 @@ class HackAgent:
             ValueError: If the 'attack_type' is missing from `attack_config` or
                 if the specified 'attack_type' is not a supported/registered
                 strategy.
-            HackAgentError: For issues during API interaction, problems with backend
+            HackAgentError: For issues during backend
                 agent operations, or other unexpected errors during the attack process.
         """
         try:

{hackagent-0.6.0 → hackagent-0.9.1}/hackagent/attacks/__init__.py RENAMED Viewed

@@ -35,6 +35,7 @@ from .registry import (
     AdvPrefixOrchestrator,
     AutoDANTurboOrchestrator,
     BaselineOrchestrator,
+    CipherChatOrchestrator,
     PAIROrchestrator,
     FlipAttackOrchestrator,
     TAPOrchestrator,
@@ -45,6 +46,7 @@ __all__ = [
     "AdvPrefixOrchestrator",
     "AutoDANTurboOrchestrator",
     "BaselineOrchestrator",
+    "CipherChatOrchestrator",
     "PAIROrchestrator",
     "FlipAttackOrchestrator",
     "TAPOrchestrator",

{hackagent-0.6.0 → hackagent-0.9.1}/hackagent/attacks/evaluator/__init__.py RENAMED Viewed

@@ -23,6 +23,7 @@ Usage:
         NuancedEvaluator,
         JailbreakBenchEvaluator,
         HarmBenchEvaluator,
+        HarmBenchVariantEvaluator,
         EVALUATOR_MAP,
         AssertionResult,
         # Pattern-based evaluators
@@ -48,6 +49,7 @@ from hackagent.attacks.evaluator.evaluation_step import BaseEvaluationStep
 from hackagent.attacks.evaluator.judge_evaluators import (
     EVALUATOR_MAP,
     HarmBenchEvaluator,
+    HarmBenchVariantEvaluator,
     JailbreakBenchEvaluator,
     NuancedEvaluator,
     OnTopicEvaluator,
@@ -81,6 +83,7 @@ __all__ = [
     "NuancedEvaluator",
     "JailbreakBenchEvaluator",
     "HarmBenchEvaluator",
+    "HarmBenchVariantEvaluator",
     "OnTopicEvaluator",
     "EVALUATOR_MAP",
     # Pattern evaluators

hackagent 0.6.0__tar.gz → 0.9.1__tar.gz

hackagent 0.6.0tar.gz → 0.9.1tar.gz