
feat: migrate AI Red Teaming to standalone extension with profiles support #6635

Draft
pkey wants to merge 7 commits into main from test/minired_e2e

Conversation


@pkey pkey commented Mar 12, 2026

Summary

Migrate AI Red Teaming from cli-extension-ai-bom to the standalone cli-extension-ai-redteam extension and bump to the latest version (17f3df), which brings profiles support and an attacks-based scanning API.

What changed

  • Redteam extension split: Red teaming code moved from cli-extension-ai-bom/pkg/redteam to cli-extension-ai-redteam/pkg/redteam as a standalone Go module
  • Tenant-based auth: API routes migrated from /api/hidden/orgs/:orgId/ai_scans/... to /api/hidden/tenants/:tenantId/red_team_scans/.... New required flag: --tenant-id
  • Profiles & goals: New --profile flag to select attack profiles (fast, security, safety), --goals flag for direct goal specification, and --list-profiles to enumerate available profiles
  • Minired control server: The scanning flow now uses an iterative prompt-response loop with the minired control server, where the CLI acts as a proxy between the control server and the target application
  • Minired report endpoint: Results fetched via dedicated /report endpoint instead of client-side normalization
  • Removed features: --attack flag (replaced by --goals), --control-server-url flag, --list-strategies flag, and all redteam scanning-agent subcommands (list, create, delete)

Non-redteam changes bundled in

  • Go feature flag refactor: Moved includeGoStandardLibraryDeps and disableGoPackageUrlsInCli resolution from callers into buildPluginOptions(), simplifying the call chain
  • go-bridge.ts simplification: Removed stderr streaming with [go-bridge] prefix, stderr soft-cap/truncation logic, and StringDecoder-based UTF-8 chunk decoding
  • aibom test cleanup: Removed aibom test (cli_policy_test) acceptance tests

Test plan

  • Acceptance tests for redteam scan flow (create → next → status → next → status → get)
  • Acceptance tests for redteam get result retrieval
  • Acceptance tests for HTML report generation (--html, --html-file-output)
  • Acceptance tests for report summary data
  • Acceptance tests for error handling (invalid config, missing --id, invalid UUID)
  • Tests for --list-profiles, --list-goals flags
  • Tests for --goals and --profile flags
  • Tests for --goals --profile conflict
  • Unit tests for buildPluginOptions feature flag changes
  • Fake server updated with tenant-based red_team_scans endpoints
  • Fake target server for e2e proxy testing

🤖 Generated with Claude Code


snyk-io bot commented Mar 12, 2026

Snyk checks have passed. No issues have been found so far.

Status  Scan Engine           Critical  High  Medium  Low  Total (0)
        Open Source Security  0         0     0       0    0 issues
        Licenses              0         0     0       0    0 issues
        Code Security         0         0     0       0    0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.


github-actions bot commented Mar 12, 2026

Warnings
⚠️ There are multiple commits on your branch, please squash them locally before merging!
⚠️ "feat: migrate AI Red Teaming to standalone extension with profiles support" is too long. Keep the first line of your commit message under 72 characters.

Generated by 🚫 dangerJS against 8f1fad8

@pkey pkey force-pushed the test/minired_e2e branch 2 times, most recently from 89a7312 to 5486e88 on March 17, 2026 13:58
pkey added 5 commits March 17, 2026 14:50
- replace ai_scans/scanning_agents routes with red_team_scans
- add separate fake target server
- add toHaveExitCode matcher and extractJSON helper
- bump cli-extension-ai-redteam
- add /api prefix to fake server control server routes
- add request sequence assertions and url field assertion
- Picks up ground truth context, target URL passthrough, goal renaming, and web-based target setup wizard
@pkey pkey force-pushed the test/minired_e2e branch from 5486e88 to 8175c74 on March 17, 2026 14:50
@pkey pkey changed the title from "feat: minired" to "feat: migrate AI Red Teaming to standalone extension with profiles support" on Mar 18, 2026
pkey added 2 commits March 18, 2026 15:06
Bump cli-extension-ai-redteam to latest (17f3df) which adds profiles
support, --goals flag, --list-profiles/--list-goals, and minired report
endpoint. Add acceptance tests for new flags and update fake server with
profiles, goals, and report mock endpoints.
# Conflicts:
#	cliv2/go.mod
#	cliv2/go.sum
@pkey pkey force-pushed the test/minired_e2e branch from 0374c38 to 8f1fad8 on March 18, 2026 15:09