feat: US-001 - Dual-LLM Evaluation for Attack Success Detection

Add LLM-based refusal classifier inspired by Promptmap's dual-LLM
architecture. The controller LLM evaluates whether an attack succeeded
by analyzing the target's response against pass/fail conditions.

- Create LLMRefusalClassifier plugin integrating with existing system
- Support OpenAI and Anthropic providers with lazy initialization
- Add configurable system prompts and pass/fail conditions
- Include 20 unit tests for comprehensive coverage
This commit is contained in:
Alexander Myasoedov
2026-01-28 18:18:09 +02:00
parent ce7636fe9e
commit 32f103acbc
4 changed files with 493 additions and 0 deletions
+23
View File
@@ -0,0 +1,23 @@
## Codebase Patterns
- Use async-first patterns for all I/O operations (httpx, asyncio)
- Plugin architecture with abstract base classes for extensibility
- Use table-driven tests with inline_snapshot where possible
- Tests are organized in tests/unit/, tests/integration/, tests/system/
- Use absolute imports, avoid relative imports except within same module
- Minimize docstrings, use quick returns, avoid abstractions without proven need
---
## 2026-01-28 - Initial Setup
- Created PRD with 5 user stories based on research from promptfoo, promptmap, and FuzzyAI
- Key improvements identified:
1. Dual-LLM evaluation (from Promptmap)
2. YAML rule system (from Promptmap)
3. Composable fuzzing chains (from FuzzyAI)
4. Unified provider abstraction (from FuzzyAI)
5. Hybrid refusal detection (combining approaches)
- **Learnings for future iterations:**
- Existing refusal detection is in agentic_security/probe_actor/refusal.py with RefusalClassifierPlugin system
- Attack data modules are in agentic_security/probe_data/modules/
- Security utilities are in agentic_security/core/security.py
---