Feat(simulator): complete attack simulator infrastructure for Phase 2 (Weeks 3-6) covering all ASI categories#530
Open
Jean-Regis-M wants to merge 7 commits into
Conversation
- Add finbot/aegis/telemetry/schema.py with AuditEvent models - Add AEGIS_ENABLED and AEGIS_TELEMETRY_ENABLED settings - Extend events.py to support 'aegis.*' namespaces - Add unit tests for telemetry schema - Update conftest.py for aegis package discovery Week 1 deliverable - GSoC 2026 OWASP FinBot AEGIS
- Add AuditChain for HMAC-SHA256 tamper-evident chaining - Add SentinelStream service with namespace isolation - Add event-type indexing (O(1) performance) - Expand CI workflow (CTF, Labs, Agents tests) - 11 unit tests with ≥80% coverage OWASP: ASI01, ASI06
- Add IntentGate for policy-as-code PEP/PDP tool validation - Add AegisEnforcementService observe mode orchestrator - Add unit tests for IntentGate policy evaluation - Observe-only mode preserves CTF gameplay (no blocking) - Integrates with Week 2 SentinelStream for audit telemetry OWASP Coverage: - ASI01: Goal hijack detection via policy evaluation - ASI02: Tool misuse prevention via allow/block decisions - ASI05: Unexpected RCE blocking via policy rules Relates to GSoC Week 3 Milestone
… 8 ASI02 recipes, test suite, package inits Relates to GSoC Week 4 Milestone
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
GSoC 2026 - Phase 2 Contributions (Weeks 3-6)
Description
This contribution completes Phase 2 (Attack Simulator) of the GSoC project, covering Weeks 3 through 6. It includes the sandbox harness, adversarial MCP mocks, attack recipes for all ASI categories (ASI01-ASI10), mutation testing framework, and comprehensive unit tests.
📅 Week 3 Contributions (Attack Simulator Foundation)
Author: Jean Francois Regis MUKIZA
GSoC Week: 3 | Phase 2: Attack Simulator (Weeks 3-6)
Core Components Implemented:
Sandbox harness with subprocess isolation (
finbot/aegis/simulator/base.py):Package initialization (
finbot/aegis/simulator/__init__.py):Comprehensive unit test suite (
tests/unit/aegis/test_simulator_harness.py):Technical Implementation:
SandboxHarnessclass usessubprocess.Popento isolate attack simulationsIntegration Readiness:
📅 Week 4 Contributions (Attack Simulator Foundation)
Author: Jean Francois Regis MUKIZA
GSoC Week: 4 | Phase 2: Attack Simulator (Weeks 3-6)
Core Components Implemented:
Five adversarial MCP server mocks (
finbot/aegis/simulator/mcp_mocks/adversarial.py):Package initializations:
finbot/aegis/simulator/mcp_mocks/__init__.pyfinbot/aegis/simulator/recipes/__init__.pyAttack recipe collections (YAML-defined parametric attack scenarios):
asi01_injection.yaml): System prompt extraction via roleplay, encoding obfuscation, context switching, and authority impersonationasi02_misuse.yaml): Unauthorized vendor creation, fund transfers, financial report modification, and chained tool misuse attacksComprehensive unit test suite (
tests/unit/aegis/test_mcp_mocks.py):Technical Implementation:
BaseAdversarialServerwith proper MCP protocol implementationasi,target_agent,description, and executablestepsIntegration Readiness:
SandboxHarnessinfinbot/aegis/simulator/base.py:SandboxHarvest._load_recipes()📅 Week 5 Contributions (Attack Simulation Expansion)
Author: Jean Francois Regis MUKIZA
GSoC Week: 5 | Phase 2: Attack Simulator (Weeks 3-6)
New Attack Recipe Collections:
asi04_supply.yaml): Supply chain compromise scenarios targeting financial dependencies and third-party integrationsasi05_rce.yaml): RCE attack vectors including command injection, deserialization exploits, and arbitrary code executionasi06_delegation.yaml): Impersonation and privilege abuse through delegated authorization mechanismsCore Infrastructure Enhancements:
finbot/aegis/simulator/mutation.py):Comprehensive Test Suite Expansion:
Attack Recipes Unit Tests (
tests/unit/aegis/test_attack_recipes.py):Mutation Testing Unit Tests (
tests/unit/aegis/test_mutation.py):Technical Implementation:
asi,target_agent,description, and executablestepsIntegration Readiness:
SandboxHarvest._load_recipes()mechanismSandboxHarnessfor dynamic attack scenario generation📅 Week 6 Contributions (Remaining ASI Categories and Test Completion)
Author: Jean Francois Regis MUKIZA
GSoC Week: 6 | Phase 2: Attack Simulator (Weeks 3-6)
Core Components Implemented:
Remaining attack recipe collections (
finbot/aegis/simulator/recipes/asi03_07_08_09_10.yaml):Completed unit test suite for all attack recipes (
tests/unit/aegis/test_attack_recipes.py):Technical Implementation:
asitags,target_agent,description, and executablestepsIntegration Readiness:
SandboxHarvest._load_recipes()🙏 Mentor Acknowledgments
Special thanks to my mentors @mekaizen (Nirupam Ghosh) and @steadhac (Carolina Steadham) for their continuous guidance, insightful feedback, and unwavering support throughout this GSoC journey. Their expertise has been invaluable in shaping these contributions to align with project goals and maintain high code quality standards.
🔗 Phase 2 Progress Summary
Weeks 3-6 Combined Deliverables:
base.py)test_simulator_harness.py(Week 3)test_mcp_mocks.py(Week 4)test_attack_recipes.py(Weeks 5-6, now covering ASI01-ASI10)test_mutation.py(Week 5)This work establishes a complete attack simulation foundation for Phase 2, enabling comprehensive testing across all ASI categories (ASI01-ASI10) with capabilities for both static attack scenarios and dynamic mutation-based testing. The infrastructure is now ready for subsequent phases to implement advanced attack chaining and defense mechanisms.
Author: Jean Francois Regis MUKIZA
GSoC Weeks: 3-6 | Phase 2: Attack Simulator (Weeks 3-6)