Enrichment in connectors

.github/workflows/publish.yml

@@ -10,7 +10,6 @@ jobs:
     permissions:
       contents: write
       id-token: write
-      pull-requests: write
 
     steps:
       - name: Checkout repository
@@ -66,59 +65,17 @@ jobs:
             echo "✅ Version consistency check passed!"
           fi
 
-      - name: Create version update PR
+      - name: Align package version to release tag
         if: steps.version_check.outputs.version_mismatch == 'true'
         run: |
-          # Configure git
-          git config --global user.name 'github-actions[bot]'
-          git config --global user.email 'github-actions[bot]@users.noreply.github.com'
-
-          # Create new branch
-          BRANCH_NAME="update-version-to-${{ steps.version_check.outputs.tag_version }}"
-          git checkout -b "$BRANCH_NAME"
-
-          # Update version in pyproject.toml
+          echo "🔧 Updating pyproject version for this release build..."
           poetry version "${{ steps.version_check.outputs.tag_version }}"
-
-          # Commit changes
-          git add pyproject.toml
-          git commit -m "Update version to ${{ steps.version_check.outputs.tag_version }} to match release tag
-
-          This automated commit updates the version in pyproject.toml to match the release tag ${{ github.event.release.tag_name }}.
-
-          Previous version: ${{ steps.version_check.outputs.pyproject_version }}
-          New version: ${{ steps.version_check.outputs.tag_version }}"
-
-          # Push branch
-          git push origin "$BRANCH_NAME"
-
-          # Create PR
-          gh pr create \
-            --title "🔖 Update version to ${{ steps.version_check.outputs.tag_version }}" \
-            --body "## Version Update
-
-          This PR automatically updates the version in \`pyproject.toml\` to match the release tag.
-
-          **Changes:**
-          - Update version from \`${{ steps.version_check.outputs.pyproject_version }}\` to \`${{ steps.version_check.outputs.tag_version }}\`
-
-          **Triggered by:** Release [${{ github.event.release.tag_name }}](${{ github.event.release.html_url }})
-
-          **Note:** The PyPI publishing workflow has been paused until this version mismatch is resolved. Once this PR is merged, please re-run the publishing workflow or create a new release." \
-            --head "$BRANCH_NAME" \
-            --base main \
-            --label "automated" \
-            --label "version-update"
-        env:
-          GH_TOKEN: ${{ github.token }}
+          echo "✅ pyproject.toml now set to ${{ steps.version_check.outputs.tag_version }}"
 
-      - name: Stop workflow if version mismatch
-        if: steps.version_check.outputs.version_mismatch == 'true'
+      - name: Use existing package version
+        if: steps.version_check.outputs.version_mismatch == 'false'
         run: |
-          echo "❌ Stopping workflow due to version mismatch."
-          echo "A PR has been created to fix the version inconsistency."
-          echo "Please merge the PR and re-run this workflow or create a new release."
-          exit 1
+          echo "✅ Using pyproject version ${{ steps.version_check.outputs.pyproject_version }}"
 
       - name: Run tests
         run: poetry run pytest tests/ --cov=avidtools

.github/workflows/test.yml

@@ -4,6 +4,8 @@ on:
   pull_request:
     branches:
       - main 
+  release:
+    types: [published]
 
 jobs:
   IntegrationTests:

README.md

@@ -20,4 +20,10 @@ pip install avidtools
 From inside this directory, run the following to install the latest development version:
 ```
 pip install -e .
-```
+```
+
+## Release behavior
+
+- On GitHub release publish, CI runs tests/lint/type checks before publishing to PyPI.
+- The publish workflow compares the release tag version with `pyproject.toml`.
+- If they differ, it automatically aligns the package version to the release tag during the workflow run, then continues build and publish.

avidtools/connectors/.garak_probe_summary_cache.json

@@ -0,0 +1,120 @@
+{
+  "probe_summaries": {
+    "ansiescape.AnsiEscaped": "The probe ansiescape.AnsiEscaped tests for the production of ANSI escape codes that can disrupt downstream processing",
+    "ansiescape.AnsiRaw": "The probe ansiescape.AnsiRaw tests for the production of ANSI escape codes that can disrupt downstream processing",
+    "apikey.CompleteKey": "The probe apikey.CompleteKey tests if the system can complete partial API keys for various services",
+    "apikey.GetKey": "The probe apikey.GetKey tests if the system returns secret-like strings when requested for an API key",
+    "atkgen.Tox": "The probe atkgen.Tox tests automatic attack generation to elicit toxic outputs from language models",
+    "continuation.ContinueSlursReclaimedSlurs": "The probe continuation.ContinueSlursReclaimedSlurs tests if a model will complete a partial ethnic slur when prompted",
+    "dan.Ablation_Dan_11_0": "The probe dan.Ablation_Dan_11_0 tests the effectiveness of various detection mechanisms",
+    "dan.AutoDANCached": "The probe dan.AutoDANCached tests the caching behavior of the AutoDAN system",
+    "dan.DanInTheWild": "The probe dan.DanInTheWild tests for the presence of specific vulnerabilities in AI models",
+    "divergence.Repeat": "The probe divergence.Repeat tests if a model outputs unintended data when asked to repeat a string multiple times",
+    "divergence.RepeatedToken": "The probe divergence.RepeatedToken tests if a model leaks data by repeating a string multiple times",
+    "dra.DRA": "The probe dra.DRA tests models using disguised and reconstructed harmful strings through string manipulation",
+    "encoding.InjectAscii85": "The probe encoding.InjectAscii85 tests the injection of ASCII85 encoding into data",
+    "encoding.InjectAtbash": "The probe encoding.InjectAtbash tests the Atbash cipher encoding method",
+    "encoding.InjectBase16": "The probe encoding.InjectBase16 tests the injection of Base16 encoded data",
+    "encoding.InjectBase2048": "The probe encoding.InjectBase2048 tests the injection of Base2048 encoded data",
+    "encoding.InjectBase32": "The probe encoding.InjectBase32 tests the injection of Base32 encoded data",
+    "encoding.InjectBase64": "The probe encoding.InjectBase64 tests the functionality of Base64 encoding",
+    "encoding.InjectBraille": "The probe encoding.InjectBraille tests encoding functions related to Braille representation",
+    "encoding.InjectEcoji": "The probe encoding.InjectEcoji tests the injection of Ecoji encoding into data",
+    "encoding.InjectHex": "The probe encoding.InjectHex tests for vulnerabilities related to hexadecimal encoding in prompt injection scenarios",
+    "encoding.InjectMorse": "The probe encoding.InjectMorse tests the injection of Morse code to bypass input filtering safeguards",
+    "encoding.InjectNato": "The probe encoding.InjectNato tests encoding techniques to bypass input filtering by using NATO phonetic alphabet representations",
+    "encoding.InjectROT13": "The probe encoding.InjectROT13 tests the encoding of strings using the ROT13 cipher to bypass input filtering",
+    "encoding.InjectUU": "The probe encoding.InjectUU tests the ability to encode data using UUencoding to bypass input filtering",
+    "encoding.InjectUnicodeTagChars": "The probe encoding.InjectUnicodeTagChars tests the injection of Unicode tag characters to bypass input filtering",
+    "encoding.InjectZalgo": "The probe encoding.InjectZalgo tests the ability to encode strings using Zalgo text to bypass input filtering",
+    "exploitation.JinjaTemplatePythonInjection": "The probe exploitation.JinjaTemplatePythonInjection tests for potential Python code execution via Jinja template injection vulnerabilities",
+    "exploitation.SQLInjectionEcho": "The probe exploitation.SQLInjectionEcho tests for SQL injection vulnerabilities by attempting to exploit echo responses",
+    "goodside.Tag": "The probe goodside.Tag tests for attacks discovered by Riley Goodside",
+    "goodside.ThreatenJSON": "The probe goodside.ThreatenJSON tests the model's susceptibility to JSON-based threat prompts",
+    "goodside.WhoIsRiley": "The probe goodside.WhoIsRiley tests the model's ability to provide incorrect answers about a specific name",
+    "grandma.Slurs": "The probe grandma.Slurs tests the ability to extract ethnic slurs by roleplaying as a grandma",
+    "grandma.Substances": "The probe grandma.Substances tests the ability to extract illegal or contentious information by roleplaying as a grandmother",
+    "grandma.Win10": "The probe grandma.Win10 tests the ability to extract ethnic slurs by roleplaying as a grandmother",
+    "grandma.Win11": "The probe grandma.Win11 tests the ability to extract illegal or contentious information by roleplaying as a grandmother",
+    "latentinjection.LatentInjectionFactSnippetEiffel": "The probe latentinjection.LatentInjectionFactSnippetEiffel tests for latent injection vulnerabilities in applications",
+    "latentinjection.LatentInjectionFactSnippetLegal": "The probe latentinjection.LatentInjectionFactSnippetLegal tests for latent injection vulnerabilities in legal contexts",
+    "latentinjection.LatentInjectionReport": "The probe latentinjection.LatentInjectionReport tests for latent injection vulnerabilities in various contexts",
+    "latentinjection.LatentInjectionResume": "The probe latentinjection.LatentInjectionResume tests for latent injection vulnerabilities in various contexts",
+    "latentinjection.LatentInjectionTranslationEnFr": "The probe latentinjection.LatentInjectionTranslationEnFr tests for model responses to context-embedded injections, including indirect prompt injections and latent jailbreaks",
+    "latentinjection.LatentInjectionTranslationEnZh": "The probe latentinjection.LatentInjectionTranslationEnZh tests for model responses to context-embedded injections, including indirect prompt injections and latent jailbreaks",
+    "latentinjection.LatentJailbreak": "The probe latentinjection.LatentJailbreak tests for model responses to latent injections embedded within context",
+    "latentinjection.LatentWhois": "The probe latentinjection.LatentWhois tests for responses to injections embedded in context, targeting semi-overt prompt injections",
+    "latentinjection.LatentWhoisSnippet": "The probe latentinjection.LatentWhoisSnippet tests for prompt injections hidden within larger contexts",
+    "leakreplay.GuardianCloze": "The probe leakreplay.GuardianCloze tests for data leak vulnerabilities by attempting to replay excerpts from training documents",
+    "leakreplay.GuardianComplete": "The probe leakreplay.GuardianComplete tests for data leaks by attempting to replay training documents",
+    "leakreplay.LiteratureCloze": "The probe leakreplay.LiteratureCloze tests for data leaks by replaying excerpts from training documents to determine if they were used",
+    "leakreplay.LiteratureComplete": "The probe leakreplay.LiteratureComplete tests for replay attacks that attempt to extract training data from a model",
+    "leakreplay.NYTCloze": "The probe leakreplay.NYTCloze tests for replay attacks that reveal if a document was used in model training",
+    "leakreplay.NYTComplete": "The probe leakreplay.NYTComplete tests for replay attacks to determine if a document was used in model training",
+    "leakreplay.PotterCloze": "The probe leakreplay.PotterCloze tests for replay attacks that attempt to extract training data from a model",
+    "leakreplay.PotterComplete": "The probe leakreplay.PotterComplete tests for replay attacks that attempt to extract training data from a model",
+    "lmrc.Bullying": "The probe lmrc.Bullying tests for instances of bullying in content",
+    "lmrc.Deadnaming": "The probe lmrc.Deadnaming tests for instances of deadnaming in language model outputs",
+    "lmrc.QuackMedicine": "The probe lmrc.QuackMedicine tests for the presence of misleading health information or 'quack' medicine",
+    "lmrc.SexualContent": "The probe lmrc.SexualContent tests for the presence of sexual content in generated text",
+    "lmrc.Sexualisation": "The probe lmrc.Sexualisation tests for the presence of sexualisation in content",
+    "lmrc.SlurUsage": "The probe lmrc.SlurUsage tests for the usage of slurs in language model outputs",
+    "malwaregen.Evasion": "The probe malwaregen.Evasion tests if the model can generate code to evade detection by anti-malware systems",
+    "malwaregen.Payload": "The probe malwaregen.Payload tests if the system can generate malware or components for disruptive tools",
+    "malwaregen.SubFunctions": "The probe malwaregen.SubFunctions tests if the system can generate malware or components for disruptive tools",
+    "malwaregen.TopLevel": "The probe malwaregen.TopLevel tests if the system can generate malware or components for disruptive tools",
+    "misleading.FalseAssertion": "The probe misleading.FalseAssertion tests if the model can refute false claims and avoid being misled by them",
+    "packagehallucination.Dart": "The probe packagehallucination.Dart tests for vulnerabilities related to package hallucination in code generation by AI models",
+    "packagehallucination.JavaScript": "The probe packagehallucination.JavaScript tests for vulnerabilities related to package hallucination in code generation tools",
+    "packagehallucination.Perl": "The probe packagehallucination.Perl tests for vulnerabilities related to package hallucination in Perl",
+    "packagehallucination.Python": "The probe packagehallucination.Python tests for vulnerabilities related to package hallucination in Python",
+    "packagehallucination.RakuLand": "The probe packagehallucination.RakuLand tests for package hallucination vulnerabilities in RakuLand, identifying non-existent packages suggested by language models",
+    "packagehallucination.Ruby": "The probe packagehallucination.Ruby tests for vulnerabilities related to package hallucination in Ruby",
+    "packagehallucination.Rust": "The probe packagehallucination.Rust tests for vulnerabilities related to package hallucination in Rust, identifying non-existent packages suggested by language models",
+    "phrasing.FutureTense": "The probe phrasing.FutureTense tests if future tense requests can bypass safeguards for unsafe content",
+    "phrasing.PastTense": "The probe phrasing.PastTense tests the evasion of safeguards by rephrasing requests in the past tense",
+    "promptinject.HijackHateHumans": "The probe promptinject.HijackHateHumans tests for potential hijacking of prompts that express hate towards humans",
+    "promptinject.HijackKillHumans": "The probe promptinject.HijackKillHumans tests for malicious prompt injections aimed at causing harm to humans",
+    "promptinject.HijackLongPrompt": "The probe promptinject.HijackLongPrompt tests the system's vulnerability to long prompt hijacking attacks",
+    "realtoxicityprompts.RTPBlank": "The probe realtoxicityprompts.RTPBlank tests for the absence of toxicity in prompts",
+    "snowball.GraphConnectivity": "The probe snowball.GraphConnectivity tests if the system generates false claims by asking impossible flight routing questions",
+    "suffix.GCGCached": "The probe suffix.GCGCached tests the effectiveness of adversarial suffix attacks on system prompts",
+    "tap.TAPCached": "The probe tap.TAPCached tests the effectiveness of pre-computed prompts to jailbreak LLMs without additional model evaluations",
+    "topic.WordnetControversial": "The probe topic.WordnetControversial tests a model's ability to engage with controversial topics near blocked keywords",
+    "web_injection.ColabAIDataLeakage": "The probe web_injection.ColabAIDataLeakage tests for potential data leakage vulnerabilities in web applications",
+    "web_injection.MarkdownImageExfil": "The probe web_injection.MarkdownImageExfil tests for the exfiltration of images through Markdown web injection vulnerabilities",
+    "web_injection.MarkdownURIImageExfilExtended": "The probe web_injection.MarkdownURIImageExfilExtended tests for vulnerabilities allowing image data exfiltration via Markdown URI injection",
+    "web_injection.MarkdownURINonImageExfilExtended": "The probe web_injection.MarkdownURINonImageExfilExtended tests for non-image data exfiltration vulnerabilities via Markdown URIs",
+    "web_injection.MarkdownXSS": "The probe web_injection.MarkdownXSS tests for cross-site scripting (XSS) vulnerabilities in Markdown content",
+    "web_injection.PlaygroundMarkdownExfil": "The probe web_injection.PlaygroundMarkdownExfil tests for data exfiltration vulnerabilities through Markdown injection in web applications",
+    "web_injection.StringAssemblyDataExfil": "The probe web_injection.StringAssemblyDataExfil tests for data exfiltration vulnerabilities through string assembly in web applications",
+    "web_injection.TaskXSS": "The probe web_injection.TaskXSS tests for cross-site scripting (XSS) vulnerabilities in web applications"
+  },
+  "module_behaviors": {
+    "ansiescape": "Elicit ANSI control codes from a model",
+    "apikey": "Prompts to generate complete API keys",
+    "atkgen": "Generate attack prompts for toxicity testing",
+    "continuation": "Checks model responses to contentious term continuations.",
+    "dan": "Evaluate the performance of the DAN model",
+    "divergence": "Detects divergence in model output",
+    "dra": "Tests models with disguised harmful behaviors",
+    "encoding": "Injects ASCII85 encoded data into payloads",
+    "exploitation": "Attempts to exploit injection vulnerabilities",
+    "goodside": "Evaluate attack success rates of specific probes",
+    "grandma": "Simulates a grandma to elicit sensitive information",
+    "latentinjection": "Detects latent injection issues",
+    "leakreplay": "Detects data leaks through replaying training excerpts.",
+    "lmrc": "Detects bullying content in text",
+    "malwaregen": "Requests code to evade security measures",
+    "misleading": "Checks model responses to misleading assertions",
+    "packagehallucination": "Checks for non-existent package recommendations",
+    "phrasing": "Attempts to evade safeguards using future tense",
+    "promptinject": "Detects and analyzes prompt injection attacks",
+    "realtoxicityprompts": "Detects blank prompts for toxicity",
+    "snowball": "Attempts to catch models generating false claims",
+    "suffix": "Append adversarial suffixes to system prompts",
+    "tap": "Utilizes cached prompts for automated jailbreaks",
+    "topic": "Explore topics near blocked keywords",
+    "web_injection": "Detects data exfiltration risks"
+  }
+}

avidtools/connectors/__init__.py

@@ -1,5 +1,3 @@
 """Connectors for AVID data sources."""
 
-from .url import URLConnector, fetch_and_convert
-
-__all__ = ["URLConnector", "fetch_and_convert"]
+__all__: list[str] = []

avidtools/connectors/aiid.py

@@ -0,0 +1 @@
+"""AIID connector placeholder module."""

avidtools/connectors/atlas.py

@@ -1,3 +1,5 @@
+"""Connector utilities for importing and converting MITRE ATLAS data."""
+
 import requests
 import yaml
 import re