MAINT: Updating Backend to use Target Registry #2124

Merged
rlundeen2 merged 10 commits into microsoft:main from rlundeen2:rlundeen2-phase-4-5-plan
Jul 3, 2026

@rlundeen2

Contributor

Problem

The backend target service and the frontend create-target flow each carried their own hand-rolled knowledge of how to discover, build, and describe targets — duplicating logic that the TargetRegistry already owns for every other component (converters, scorers, scenarios). This meant the catalog, create-target, and duplicate-detection paths could drift from the registry's build contract, and target identity/auth facts were re-derived in multiple places.

Change

Route the backend target service and frontend through TargetRegistry so the registry is the single source of truth for building and describing targets (Phase 4.5):

  • Registry-driven catalog + create-target. GET /targets/catalog and create-target project purely from TargetMetadata; class discovery, parameter derivation, and multi-target resolution are owned by the registry.
  • Metadata owns "how to build/auth a target." supported_auth_modes moves onto TargetMetadata via the existing Param.ClassAttr mechanism (matching ConverterMetadata.supported_input_types), so the catalog no longer reaches to the target class. Auth stays out of the identity hash.
  • Slimmer TargetInstance embedding a serialized TargetIdentifier instead of mirroring identity as flat fields; merged TargetCapabilities.
  • Auth hardening. Strict hostname-suffix validation (is_azure_openai_endpoint / is_azure_ml_endpoint) replaces the loose "azure" in endpoint substring check before an Entra token is minted.
  • Removed the confusing api-key-env-var machinery from targets and the UI; simplified RoundRobinTarget duplicate handling.

Breaking release — no back-compat shims.

Design notes

Full write-up / plan: https://gist.github.com/rlundeen2/f7960f7e8973fbb705b1b4bb48d8cdb2
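
Added example (not code from this PR or from PyRIT): the "Auth hardening" item above, shown by running the replaced substring heuristic and a hostname-suffix check over constructed endpoints. The names `loose_check`, `strict_check` and `downgraded`, the suffix lists, and the https requirement are assumptions of this example; PyRIT's `is_azure_openai_endpoint` / `is_azure_ml_endpoint` may differ.

```python
from urllib.parse import urlsplit

# Assumed suffix allowlists for illustration; PyRIT's real lists may differ.
AZURE_OPENAI_SUFFIXES = (".openai.azure.com",)
AZURE_ML_SUFFIXES = (".inference.ml.azure.com",)


def loose_check(endpoint):
    """The replaced heuristic: any "azure" substring counts as trusted."""
    return bool(endpoint) and "azure" in endpoint.lower()


def strict_check(endpoint, suffixes):
    """Trust an endpoint only if its parsed hostname ends with an allowed suffix."""
    if not endpoint:
        return False
    try:
        parts = urlsplit(endpoint.strip())
    except ValueError:  # e.g. malformed IPv6 literal
        return False
    host = parts.hostname  # lowercased; excludes userinfo, port, path and query
    # Requiring https is an extra condition of this example, not stated in the PR.
    if parts.scheme != "https" or not host:
        return False
    # Each suffix starts with ".", which forces a DNS label boundary, and the
    # length test rejects a host that is nothing but the suffix.
    return any(host.endswith(s) and len(host) > len(s) for s in suffixes)


# Constructed sample endpoints (attacker.example uses the reserved .example TLD).
SAMPLES = [
    "https://myres.openai.azure.com/openai/v1",
    "https://MyRes.OpenAI.Azure.COM/",
    "https://myres.openai.azure.com.attacker.example/v1",   # suffix injection
    "https://myres.openai.azure.com@attacker.example/",     # userinfo trick
    "https://attacker.example/azure/openai",                # "azure" only in path
    "https://evilopenai.azure.com/",                        # no label boundary
    "https://ws.eastus.inference.ml.azure.com/score",
    None, "",
]


def downgraded(samples, suffixes):
    """Endpoints the substring check would trust but the suffix check rejects."""
    return [e for e in samples if loose_check(e) and not strict_check(e, suffixes)]


if __name__ == "__main__":
    print(*downgraded(SAMPLES, AZURE_OPENAI_SUFFIXES + AZURE_ML_SUFFIXES), sep="\n")
```

Every endpoint `downgraded` returns is one for which a token would have been minted under the substring check and is refused under the suffix check.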

rlundeen2 and others added 3 commits July 2, 2026 15:53
…istry

Mirror the Phase 3.5 converter work for targets: push target-specific
auth/endpoint-validation out of the backend target_service onto the target
classes, add a registry-driven GET /targets/catalog, and wire the create-target
dialog to it.

- Move endpoint-trust checks onto the targets via shared pyrit.auth helpers
  (is_azure_openai_endpoint / is_azure_ml_endpoint). OpenAITarget's auto-Entra
  fallback now uses the strict recognized-host allowlist instead of a loose
  "azure" substring check (behavior change: unrecognized "azure"-ish endpoints
  now raise instead of silently minting a token). AzureMLChatTarget gains the
  Entra auto-fallback the service used to special-case.
- Add declarative auth facts to PromptTarget (supported_auth_modes,
  get_api_key_environment_variable) for the catalog.
- RoundRobinTarget owns its own multi-target dedup (object identity).
- create_target_async is now generic: resolve class via the registry catalog and
  build with create_instance; for entra it just omits the api_key. No endpoint
  or per-class auth branching remains in the service.
- Add TargetCatalogEntry/Response + list_target_catalog_async + /targets/catalog.
- TargetInstance embeds an additive serialized identifier.
- Frontend: targetsApi.listTargetCatalog(); dialog derives its type list + Entra
  support from the catalog and sends RoundRobin inner targets as `targets`.

Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
…inery, simplify RoundRobin

Follow-up cleanup on the Phase 4.5 target-registry migration:

- Remove get_api_key_environment_variable classmethod (base + OpenAI/AzureML
  overrides), the catalog api_key_env_var field, backend _validate_api_key_present
  pre-check, and the frontend type field. Target constructors already raise on
  missing credentials, so the create-time pre-check was redundant. The instance
  attribute api_key_environment_variable (the real auth mechanism) is retained.
- Slim TargetInstance to embed a required serialized TargetIdentifier and
  TargetCapabilities; migrate mappers, backend, frontend, and tests to read
  through identifier.* instead of flattened scalars.
- Simplify RoundRobinTarget: drop the _deduplicate_targets staticmethod and the
  second length check. Now a single length check plus a raise on duplicate target
  instances, compared by object identity (the identifier hash excludes api_key,
  so hash comparison would falsely collapse distinct different-key targets).

Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
…pper, validator tests

Address PR review feedback:

- Move supported_auth_modes ownership onto TargetMetadata via the existing
  Param.ClassAttr mechanism (mirroring ConverterMetadata.supported_input_types),
  so the target catalog projects purely from registry metadata instead of
  reaching to the target class. Auth stays out of the identity hash
  (Evaluate.Exclude).
- Genericize the backend target mapper: recurse through a public inner_targets
  property on the composite target instead of importing RoundRobinTarget and
  touching private _targets.
- Add direct tests for the security-critical is_azure_openai_endpoint /
  is_azure_ml_endpoint hostname-suffix validators (valid suffixes, spoofing /
  suffix-injection, case-insensitivity, None/empty).
- Add frontend targetIdentity util tests (hoist agree/disagree, accessors).
- Fix stale api-key docstrings in target_service.

Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
Comment thread pyrit/prompt_target/common/prompt_target.py Outdated
Comment thread pyrit/prompt_target/common/prompt_target.py
rlundeen2 and others added 4 commits July 2, 2026 22:38
… support to Blob/PromptShield

Renames the AuthMode literal value from `entra` to `identity` across the
backend, target classes, identifiers, and frontend so it accurately covers
identity-based auth beyond Entra token minting (e.g. AzureBlobStorageTarget's
DefaultAzureCredential fallback). Declares identity support on
AzureBlobStorageTarget (behavior already existed) and adds an Entra ID token
provider fallback to PromptShieldTarget for recognized Azure endpoints.

Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
# Conflicts:
#	pyrit/backend/models/targets.py
#	pyrit/models/catalog/target.py
Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
@rlundeen2 rlundeen2 enabled auto-merge July 3, 2026 06:02
rlundeen2 and others added 3 commits July 2, 2026 23:03
Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
The refactored TargetInstance embeds identity under identifier, and the frontend target helpers read target.identifier.class_name/.endpoint with no fallback. The Playwright e2e /api/targets mocks still used the old flat shape, so identifier was undefined, the target table crashed on render, and no 'Set Active' button appeared (36 failures funneling through activateMockTarget).

Add a shared e2e helper (frontend/e2e/_targets.ts) mirroring the jest makeTarget fixture that folds flat identity scalars into the nested identifier, and wrap every /api/targets list mock across config/chat/errors/accessibility/converters specs. Attack-run target summaries (flat {target_type, model_name}) and live-backend specs (api/flows) are left unchanged.

Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
@rlundeen2 rlundeen2 added this pull request to the merge queue Jul 3, 2026
Merged via the queue into microsoft:main with commit 4593d99 Jul 3, 2026
53 checks passed
@rlundeen2 rlundeen2 deleted the rlundeen2-phase-4-5-plan branch July 3, 2026 17:11