feat(ai): add pyoaev support for AI adversarial exposure validation (#295)#296
SamuelHassine wants to merge 2 commits into
Conversation
…295) Add AI request marker / target endpoint signature types, a shared deterministic per-inject canary marker helper, ai_expectations_for_source to poll agentless detection/prevention expectations, and an AiTargetManager for AI Target assets.
Pull request overview
Adds initial SDK primitives for the AI adversarial exposure validation (AI red-team injector + AI defense collector) domain by introducing new signature types, a shared deterministic marker helper, an expectations polling helper for AI collectors, and a new AI Target CRUD manager exposed on the client.
Changes:
- Add AI-related SignatureTypes and a deterministic build_marker() helper for correlating inject executions to AI defense telemetry.
- Add InjectExpectationManager.ai_expectations_for_source(source_id) for polling agentless AI DETECTION/PREVENTION expectations.
- Add AiTargetManager (CRUD for /ai_targets) and wire it onto OpenAEV as client.ai_target.
Reviewed changes
Copilot reviewed 6 out of 6 changed files in this pull request and generated 4 comments.
| File | Description |
|---|---|
| pyoaev/signatures/types.py | Adds new AI signature enum values used for AI validation correlation. |
| pyoaev/signatures/ai_marker.py | Introduces deterministic per-inject marker helper shared by injector/collectors. |
| pyoaev/apis/inject_expectation/inject_expectation.py | Adds API helper to fetch AI-specific expectations for a collector/source. |
| pyoaev/apis/ai_target.py | Adds new REST manager/object for AI Target assets CRUD. |
| pyoaev/apis/__init__.py | Exposes the new AI Target API module via package exports. |
| pyoaev/client.py | Wires AiTargetManager onto the main OpenAEV client. |
Comment on lines +44 to +46
| def ai_expectations_for_source( | ||
| self, source_id: str, **kwargs: Any | ||
| ) -> Dict[str, Any]: |
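Review bot: the return annotation on `ai_expectations_for_source` is `Dict[str, Any]`, but the PR describes it as polling agentless DETECTION/PREVENTION expectations (plural) from `/api/injects/expectations/ai/{sourceId}`; if the backend returns a list, annotate it `List[Dict[str, Any]]` so collector code does not index a list as a dict. A docstring is also missing: state what `**kwargs` is forwarded to (query parameters vs. request options) and whether the call is a single fetch or a poll.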
Comment on lines +13 to +15
| def build_marker(inject_id: str, agent_id: str = "") -> str: | ||
| seed = f"{inject_id}:{agent_id}".encode("utf-8") | ||
| return "oaev" + hashlib.sha256(seed).hexdigest()[:16] |
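Review bot: `build_marker` needs a docstring making two properties explicit. First, the marker is a keyless sha256 of `inject_id:agent_id`, so anyone who knows those ids can recompute it; it is a correlation handle, not a secret, and collectors must not treat its presence as authentication. Second, the `"oaev"` prefix plus the 16-hex (64-bit) truncation is the contract collectors will pattern-match on; consider exposing the prefix and length as module constants instead of inline literals so the injector and collectors cannot drift apart.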
Comment on lines +10 to +16
| class AiTargetManager( | ||
| GetMixin, ListMixin, CreateMixin, UpdateMixin, DeleteMixin, RESTManager | ||
| ): | ||
| """Manage AI Target assets (LLM endpoints / AI agents under adversarial test).""" | ||
|
|
||
| _path = "/ai_targets" | ||
| _obj_cls = AiTarget |
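Review bot: `_path = "/ai_targets"` while the PR description names the backend endpoint `/api/ai_targets`; confirm `RESTManager` prepends the `/api` prefix the same way the existing managers rely on it, otherwise the new CRUD calls hit the wrong path. `_obj_cls = AiTarget` references a class not shown in this hunk; make sure `AiTarget` is defined above it and exported alongside the manager.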
Comment on lines +18 to +21
| # AI adversarial validation: correlate AI defense (LLM firewall / guardrail) events back to a | ||
| # specific AI inject execution. | ||
| SIG_TYPE_AI_REQUEST_MARKER = "ai_request_marker" | ||
| SIG_TYPE_AI_TARGET_ENDPOINT = "ai_target_endpoint" |
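Review bot: the comment says what these two signature types are for but not what value each carries, which is what collector authors need. For `SIG_TYPE_AI_REQUEST_MARKER`, reference `build_marker` in `pyoaev/signatures/ai_marker.py` so the `oaev` + 16-hex format is the documented contract; for `SIG_TYPE_AI_TARGET_ENDPOINT`, state the expected value (the AI target's endpoint identifier as stored on the AI Target asset) and whether matching is exact or normalized.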
Adds ARTIFICIAL_INTELLIGENCE to SecurityDomains so AI red-team contracts can be bucketed under the AI security domain.
Summary
- ai_request_marker / ai_target_endpoint signature types and a shared deterministic per-inject canary marker helper (pyoaev/signatures/ai_marker.py).
- inject_expectation.ai_expectations_for_source(source_id) to poll agentless DETECTION / PREVENTION expectations for AI defense collectors.
- AiTargetManager (CRUD for AI Target assets) wired on the client.

These are the SDK building blocks for the AI adversarial exposure validation domain (AI red-team injector + AI guardrail collector + openaev backend).

Dependency / merge order
Dependency root of the feature. Merge and release before:
- ai-redteam injector
- ai-guardrail and mitre-atlas collectors

Pairs with the openaev backend endpoints /api/injects/expectations/ai/{sourceId} and /api/ai_targets.

Test plan
- python -m compileall pyoaev
- OpenAEV(...).ai_target CRUD and inject_expectation.ai_expectations_for_source

Closes #295
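The correlation the marker helper enables, as an added example that is not part of this PR or of pyoaev: a guardrail collector precomputes markers for the inject executions it knows about, extracts them from guardrail events, and derives DETECTION/PREVENTION outcomes per inject. Only `build_marker` mirrors the hunk above; the guardrail log format, the `expectation_results` function and its result shape are constructed for this example and are not the SDK's.

```python
import hashlib
import re
from typing import Dict, List, Optional, Tuple

# Same logic as build_marker() in the PR hunk (pyoaev/signatures/ai_marker.py):
# "oaev" + first 16 hex chars of sha256("{inject_id}:{agent_id}"), no secret involved.
def build_marker(inject_id: str, agent_id: str = "") -> str:
    seed = f"{inject_id}:{agent_id}".encode("utf-8")
    return "oaev" + hashlib.sha256(seed).hexdigest()[:16]

# The marker format is fixed (4-char prefix + 16 hex), so a collector can pull it
# out of free text with a strict pattern instead of substring-searching every id.
MARKER_RE = re.compile(r"\boaev[0-9a-f]{16}\b")

def marker_index(executions: List[Tuple[str, str]]) -> Dict[str, Tuple[str, str]]:
    """Precompute marker -> (inject_id, agent_id). Determinism means the collector
    needs only the ids of known executions, not any state shared by the injector."""
    return {build_marker(i, a): (i, a) for i, a in executions}

def correlate(event_text: str, index: Dict[str, Tuple[str, str]]) -> Optional[Tuple[str, str]]:
    """Return the execution a guardrail event belongs to, or None if no known marker."""
    for marker in MARKER_RE.findall(event_text):
        if marker in index:
            return index[marker]
    return None

def expectation_results(events: List[str], executions: List[Tuple[str, str]]) -> Dict[str, Dict[str, bool]]:
    """Assumed result shape (not the SDK's): inject_id -> {DETECTION, PREVENTION}.
    A marker seen at all counts as DETECTION; a marker in a blocked event as PREVENTION."""
    index = marker_index(executions)
    results = {i: {"DETECTION": False, "PREVENTION": False} for i, _ in executions}
    for event in events:
        hit = correlate(event, index)
        if hit is None:
            continue  # unrelated guardrail traffic, nothing to report
        results[hit[0]]["DETECTION"] = True
        if "action=BLOCK" in event:
            results[hit[0]]["PREVENTION"] = True
    return results

# Constructed sample data: two known executions and three guardrail log lines
# (the log line format is invented for this example).
EXECUTIONS = [("inject-0001", "agent-A"), ("inject-0002", "")]
SAMPLE_EVENTS = [
    f"guardrail action=BLOCK rule=policy prompt='<redacted> {build_marker('inject-0001', 'agent-A')}'",
    f"guardrail action=ALLOW rule=- prompt='summarise this document {build_marker('inject-0002')}'",
    "guardrail action=BLOCK rule=pii prompt='<redacted>'",
]
```

Running `expectation_results(SAMPLE_EVENTS, EXECUTIONS)` reports inject-0001 as detected and prevented, inject-0002 as detected only, and the unrelated PII block is ignored because it carries no known marker.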