The /scan-csv endpoint was reading the uploaded CSV file but discarding
the content (TODO comment), resulting in scans that ran with zero prompts.
Changes:
- routes/scan.py: parse uploaded CSV via parse_csv_content(), pass the
extracted prompts as inline_datasets to the Scan model; also fix the
maxBudget query parameter being silently ignored (hardcoded to 1000).
- probe_data/data.py: add parse_csv_content(bytes) -> ProbeDataset that
looks for a 'prompt' column first, falls back to the first text column,
and raises ValueError when no suitable column is found.
- primitives/models.py: add inline_datasets: list[dict] field to Scan
model for carrying uploaded prompts through the scan pipeline.
- probe_actor/fuzzer.py: perform_single_shot_scan now accepts
inline_datasets and appends them as ProbeDataset objects to the scan
modules; scan_router transparently forwards the field.
Removes Content-Length from request headers before sending with httpx
to prevent LocalProtocolError when placeholder replacement (e.g.
<<PROMPT>>) changes the body size. httpx calculates the correct
Content-Length from the actual content.
Closes #139
Closes #193

Expands the MCP server section with:
- what tools are exposed and what each one does
- step-by-step Claude Desktop setup
- the three built-in prompt templates and when to use them
- a short example conversation showing natural-language scan control
- Claude Code CLI setup for terminal-based workflows
Closes #192

Three prompt templates via @mcp.prompt():
- security_scan_prompt: full scan with configurable probe budget
- verify_llm_prompt: quick reachability check before committing to a scan
- adversarial_probe_prompt: multi-step attack session with findings summary
Placed before the tool definitions with a clear section comment.
No existing tool behaviour changed.

Add export_full_log() method to FuzzerState that exports a comprehensive
log of all events including errors, refusals, and successful outputs.
Previously only failures were exported. This change addresses issue #100
by creating a complete audit trail in full_scan_log.csv with event type,
module, prompt, status code, content, and refused flag columns.
Co-Authored-By: Nivesh Dandyan <niveshdandyan@gmail.com>

Implement hybrid refusal classifier combining multiple detection methods:
- Add confidence scoring to refusal detection (HybridResult)
- Implement weighted voting with configurable thresholds
- Support require_unanimous mode for strict classification
- Add factory function create_hybrid_classifier for common setup
- Include 32 unit tests with table-driven test patterns

Create unified provider abstraction layer for direct LLM integrations beyond
HTTP specs, inspired by FuzzyAI's comprehensive provider system.
- Add BaseLLMProvider abstract class with standard interface (generate, chat,
sync_generate, sync_chat methods)
- Implement OpenAIProvider supporting chat completions API
- Implement AnthropicProvider supporting messages API
- Create provider factory for instantiation by name (create_provider,
get_provider_class)
- Add 60 unit tests covering all provider implementations