UX improvements

hackagent/attacks/evaluator/evaluation_step.py

@@ -1251,12 +1251,14 @@ def _update_tracker(
 
             explanation = " | ".join(notes_parts) if notes_parts else ""
 
+            _prefix = item.get("prefix", "") or ""
             self._tracker.add_evaluation_trace(
                 ctx=goal_ctx,
                 evaluation_result=eval_result,
                 score=item.get("best_score", 0.0),
                 explanation=explanation,
                 evaluator_name=f"{evaluator_prefix}_{'_'.join(judges_used)}",
+                metadata={"prefix": _prefix} if _prefix else None,
             )
 
     # Keys whose presence signals that results were already evaluated

hackagent/attacks/orchestrator.py

@@ -419,6 +419,8 @@ def _get_attack_impl_kwargs(
         run_config_for_attack = dict(run_config_override or {})
         # Run-level dashboard metadata must not leak into strict attack configs.
         run_config_for_attack.pop("expected_total_goals", None)
+        run_config_for_attack.pop("before_guardrail", None)
+        run_config_for_attack.pop("after_guardrail", None)
 
         return {
             "config": {

hackagent/attacks/techniques/advprefix/attack.py

@@ -261,6 +261,7 @@ def _get_pipeline_steps(self):
                     "filter_len",
                     "n_prefixes_per_goal",
                     "max_ce",
+                    "_tracker",  # For per-goal evaluation traces
                 ],
                 "input_data_arg_name": "input_data",
                 "required_args": ["logger", "client", "config"],

hackagent/attacks/techniques/advprefix/evaluation.py

@@ -148,6 +148,12 @@ def execute(self, input_data: List[Dict]) -> List[Dict]:
         judge_keys = self._build_judge_keys_from_data(evaluated_data)
         self._sync_to_server(evaluated_data, judge_keys)
 
+        # Enrich items with best_score/success, then record per-prefix evaluation
+        # traces on the goal tracker so the dashboard can attribute jailbreaks to
+        # specific prefixes.
+        self._enrich_items_with_scores(evaluated_data)
+        self._update_tracker(evaluated_data)
+
         # Aggregation
         self.logger.info(
             f"Aggregation: Aggregating {len(evaluated_data)} evaluation results"

hackagent/attacks/techniques/tap/attack.py

@@ -217,6 +217,7 @@ def _get_pipeline_steps(self) -> List[Dict]:
                     "max_judge_retries",
                     "organization_id",
                     "_tracker",
+                    "_goal_index_offset",
                 ],
                 "input_data_arg_name": "goals",
                 "required_args": ["logger", "agent_router", "config", "client"],
@@ -237,6 +238,7 @@ def _get_pipeline_steps(self) -> List[Dict]:
                     "max_judge_retries",
                     "organization_id",
                     "_tracker",
+                    "_goal_index_offset",
                 ],
                 "input_data_arg_name": "input_data",
                 "required_args": ["logger", "config", "client"],

hackagent/attacks/techniques/tap/evaluation.py

@@ -258,6 +258,7 @@ def execute(
     success_threshold = tap_params.get("success_score_threshold", 10)
 
     tracker = config.get("_tracker")
+    _goal_offset = int(config.get("_goal_index_offset", 0))
 
     for idx, item in enumerate(input_data):
         best_prompt = item.get("best_prompt")
@@ -277,7 +278,7 @@ def execute(
             item["is_success"] = best_score >= success_threshold
 
         if tracker:
-            goal_ctx = tracker.get_goal_context(idx)
+            goal_ctx = tracker.get_goal_context(_goal_offset + idx)
             if goal_ctx and best_score is not None:
                 tracker.add_evaluation_trace(
                     ctx=goal_ctx,

hackagent/attacks/techniques/tap/generation.py

@@ -895,6 +895,7 @@ def execute(
     n_streams = tap_params.get("n_streams", 4)
 
     tracker: Optional[Tracker] = config.get("_tracker")
+    _goal_offset = int(config.get("_goal_index_offset", 0))
 
     executor = TapExecutor(
         config=config,
@@ -921,9 +922,11 @@ def execute(
                     _goal_pool.submit(
                         executor.run_single_goal,
                         goal=goal,
-                        goal_index=i,
+                        goal_index=_goal_offset + i,
                         goal_tracker=tracker,
-                        goal_ctx=tracker.get_goal_context(i) if tracker else None,
+                        goal_ctx=tracker.get_goal_context(_goal_offset + i)
+                        if tracker
+                        else None,
                         progress_bar=progress_bar,
                         task=task,
                     ): i
@@ -946,10 +949,12 @@ def execute(
                     }
         else:
             for i, goal in enumerate(goals):
-                goal_ctx = tracker.get_goal_context(i) if tracker else None
+                goal_ctx = (
+                    tracker.get_goal_context(_goal_offset + i) if tracker else None
+                )
                 results_map[i] = executor.run_single_goal(
                     goal=goal,
-                    goal_index=i,
+                    goal_index=_goal_offset + i,
                     goal_tracker=tracker,
                     goal_ctx=goal_ctx,
                     progress_bar=progress_bar,

hackagent/router/router.py

@@ -508,6 +508,49 @@ def route_request(
                 raw_request=request_data,
                 registration_key=registration_key,
             )
+        # --- After guardrail: check the model response before returning it ---
+        if self.after_guardrail is not None:
+            _response_text = (
+                response.get("processed_response")
+                or response.get("generated_text")
+                or ""
+            )
+            _response_text = str(_response_text).strip()
+            if not _response_text:
+                # Nothing to classify — skip silently.
+                logger.debug(
+                    "after_guardrail: empty response text for agent %s, skipping check.",
+                    registration_key,
+                )
+            else:
+                _gr = self.after_guardrail.check(_response_text)
+                if not _gr.is_safe:
+                    logger.warning(
+                        "after_guardrail blocked response for agent %s: %s",
+                        registration_key,
+                        _gr.explanation,
+                    )
+                    return {
+                        "raw_request": request_data,
+                        "processed_response": None,
+                        "generated_text": None,
+                        "raw_response_status": 200,
+                        "raw_response_headers": None,
+                        "raw_response_body": None,
+                        "agent_specific_data": {
+                            "guardrail": "after_guardrail_censored",
+                            "side": "after",
+                            "message": "Response censored: flagged as unsafe by guardrail.",
+                            "categories": getattr(_gr, "categories", []),
+                            "reasoning": _gr.explanation,
+                        },
+                        "error_message": None,
+                        "error_category": None,
+                        "agent_id": registration_key,
+                        "adapter_type": "guardrail",
+                    }
+
+        return response
 
         # --- After guardrail: check the model response before returning it ---
         if self.after_guardrail is not None: