MAINT: Updating Backend to use Target Registry #2124
Merged
…istry

Mirror the Phase 3.5 converter work for targets: push target-specific auth/endpoint-validation out of the backend target_service onto the target classes, add a registry-driven GET /targets/catalog, and wire the create-target dialog to it.

- Move endpoint-trust checks onto the targets via shared pyrit.auth helpers (is_azure_openai_endpoint / is_azure_ml_endpoint). OpenAITarget's auto-Entra fallback now uses the strict recognized-host allowlist instead of a loose "azure" substring check (behavior change: unrecognized "azure"-ish endpoints now raise instead of silently minting a token). AzureMLChatTarget gains the Entra auto-fallback the service used to special-case.
- Add declarative auth facts to PromptTarget (supported_auth_modes, get_api_key_environment_variable) for the catalog.
- RoundRobinTarget owns its own multi-target dedup (object identity).
- create_target_async is now generic: resolve class via the registry catalog and build with create_instance; for entra it just omits the api_key. No endpoint or per-class auth branching remains in the service.
- Add TargetCatalogEntry/Response + list_target_catalog_async + /targets/catalog.
- TargetInstance embeds an additive serialized identifier.
- Frontend: targetsApi.listTargetCatalog(); dialog derives its type list + Entra support from the catalog and sends RoundRobin inner targets as `targets`.

Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
…inery, simplify RoundRobin

Follow-up cleanup on the Phase 4.5 target-registry migration:

- Remove get_api_key_environment_variable classmethod (base + OpenAI/AzureML overrides), the catalog api_key_env_var field, backend _validate_api_key_present pre-check, and the frontend type field. Target constructors already raise on missing credentials, so the create-time pre-check was redundant. The instance attribute api_key_environment_variable (the real auth mechanism) is retained.
- Slim TargetInstance to embed a required serialized TargetIdentifier and TargetCapabilities; migrate mappers, backend, frontend, and tests to read through identifier.* instead of flattened scalars.
- Simplify RoundRobinTarget: drop the _deduplicate_targets staticmethod and the second length check. Now a single length check plus a raise on duplicate target instances, compared by object identity (the identifier hash excludes api_key, so hash comparison would falsely collapse distinct different-key targets).

Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
…pper, validator tests

Address PR review feedback:

- Move supported_auth_modes ownership onto TargetMetadata via the existing Param.ClassAttr mechanism (mirroring ConverterMetadata.supported_input_types), so the target catalog projects purely from registry metadata instead of reaching to the target class. Auth stays out of the identity hash (Evaluate.Exclude).
- Genericize the backend target mapper: recurse through a public inner_targets property on the composite target instead of importing RoundRobinTarget and touching private _targets.
- Add direct tests for the security-critical is_azure_openai_endpoint / is_azure_ml_endpoint hostname-suffix validators (valid suffixes, spoofing / suffix-injection, case-insensitivity, None/empty).
- Add frontend targetIdentity util tests (hoist agree/disagree, accessors).
- Fix stale api-key docstrings in target_service.

Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
romanlutz
approved these changes
Jul 3, 2026
… support to Blob/PromptShield

Renames the AuthMode literal value from `entra` to `identity` across the backend, target classes, identifiers, and frontend so it accurately covers identity-based auth beyond Entra token minting (e.g. AzureBlobStorageTarget's DefaultAzureCredential fallback). Declares identity support on AzureBlobStorageTarget (behavior already existed) and adds an Entra ID token provider fallback to PromptShieldTarget for recognized Azure endpoints.

Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>

# Conflicts:
#   pyrit/backend/models/targets.py
#   pyrit/models/catalog/target.py
Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
The refactored TargetInstance embeds identity under identifier, and the frontend target helpers read target.identifier.class_name/.endpoint with no fallback. The Playwright e2e /api/targets mocks still used the old flat shape, so identifier was undefined, the target table crashed on render, and no 'Set Active' button appeared (36 failures funneling through activateMockTarget).

Add a shared e2e helper (frontend/e2e/_targets.ts) mirroring the jest makeTarget fixture that folds flat identity scalars into the nested identifier, and wrap every /api/targets list mock across config/chat/errors/accessibility/converters specs. Attack-run target summaries (flat {target_type, model_name}) and live-backend specs (api/flows) are left unchanged.
Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
Problem
The backend target service and the frontend create-target flow each carried their own hand-rolled knowledge of how to discover, build, and describe targets — duplicating logic that the `TargetRegistry` already owns for every other component (converters, scorers, scenarios). This meant the catalog, create-target, and duplicate-detection paths could drift from the registry's build contract, and target identity/auth facts were re-derived in multiple places.

Change

Route the backend target service and frontend through `TargetRegistry` so the registry is the single source of truth for building and describing targets (Phase 4.5):

- `GET /targets/catalog` and create-target project purely from `TargetMetadata`; class discovery, parameter derivation, and multi-target resolution are owned by the registry.
- `supported_auth_modes` moves onto `TargetMetadata` via the existing `Param.ClassAttr` mechanism (matching `ConverterMetadata.supported_input_types`), so the catalog no longer reaches to the target class. Auth stays out of the identity hash.
- `TargetInstance` embedding a serialized `TargetIdentifier` instead of mirroring identity as flat fields; merged `TargetCapabilities`.
- `is_azure_openai_endpoint` / `is_azure_ml_endpoint`) replaces the loose `"azure" in endpoint` substring check before an Entra token is minted.
- `RoundRobinTarget` duplicate handling.

Breaking release — no back-compat shims.
Design notes
Full write-up / plan: https://gist.github.com/rlundeen2/f7960f7e8973fbb705b1b4bb48d8cdb2
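
The hostname-suffix validation described in this PR, shown next to the loose `"azure" in endpoint` check it replaces, as an added example that is not PyRIT's own code. The function names, the suffix allowlists and the HTTPS requirement are assumptions for illustration, and the sample URLs are constructed.

```python
from typing import Optional, Tuple
from urllib.parse import urlsplit

# Assumed suffix allowlists; the project's actual list is not shown on this page.
AZURE_OPENAI_SUFFIXES = (".openai.azure.com",)
AZURE_ML_SUFFIXES = (".inference.ml.azure.com",)

def loose_azure_check(endpoint: Optional[str]) -> bool:
    """The replaced behaviour: 'azure' anywhere in the string counts as trusted."""
    return bool(endpoint) and "azure" in endpoint

def _host_has_suffix(endpoint: Optional[str], suffixes: Tuple[str, ...]) -> bool:
    """True only when the parsed hostname is a subdomain of an allowlisted suffix."""
    if not endpoint:
        return False
    try:
        parts = urlsplit(endpoint.strip())
        host = parts.hostname  # lowercased; excludes userinfo, port, path, query
    except ValueError:  # e.g. malformed IPv6 literal
        return False
    # HTTPS requirement is extra hardening assumed here, not stated on the page.
    if parts.scheme != "https" or not host:
        return False
    host = host.rstrip(".")
    # Suffixes start with ".", so "notopenai.azure.com" cannot match.
    return any(host.endswith(s) and len(host) > len(s) for s in suffixes)

def strict_openai_check(endpoint: Optional[str]) -> bool:
    return _host_has_suffix(endpoint, AZURE_OPENAI_SUFFIXES)

def strict_ml_check(endpoint: Optional[str]) -> bool:
    return _host_has_suffix(endpoint, AZURE_ML_SUFFIXES)

# Constructed sample endpoints: (url, expected strict result for Azure OpenAI).
SAMPLES = [
    ("https://myres.openai.azure.com/openai/deployments/d", True),
    ("https://MyRes.OpenAI.Azure.COM", True),
    ("https://myres.openai.azure.com.attacker.example/", False),
    ("https://attacker.example/azure/v1", False),
    ("https://myres.openai.azure.com@attacker.example/", False),
    ("https://notopenai.azure.com", False),
]

def audit(samples=SAMPLES):
    # Rows of (url, loose, strict) so the disagreement between checks is visible.
    return [(u, loose_azure_check(u), strict_openai_check(u)) for u, _ in samples]

if __name__ == "__main__":
    for url, loose, strict in audit():
        print(f"loose={loose!s:5} strict={strict!s:5} {url!r}")
```

Rows where `loose` is true and `strict` is false are the endpoints that would previously have been handed a minted token.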