Skip to content

feat(airt): auth-setup-guide skill — authenticate target/attacker/judge from any environment (1.6.8)#80

Merged
rdheekonda merged 1 commit into
mainfrom
feat/airt-auth-setup-skill
Jul 8, 2026
Merged

feat(airt): auth-setup-guide skill — authenticate target/attacker/judge from any environment (1.6.8)#80
rdheekonda merged 1 commit into
mainfrom
feat/airt-auth-setup-skill

Conversation

@rdheekonda

Copy link
Copy Markdown
Contributor

Summary

Adds a new auth-setup-guide skill that guides the agent (and user) through authenticating all three model roles — target, attacker, and judge — from the user's own environment, across clouds and auth mechanisms. Closes the gap where users could not easily tell how to probe a model deployed in their Azure / AWS / GCP account or behind a custom endpoint.

  • Target A1 — litellm-routed models (preferred): a provider → target_model string → env-var table covering OpenAI, Anthropic, Gemini, Groq, Mistral, Together, Azure OpenAI, Azure AI Foundry, AWS Bedrock, Google Vertex AI, Ollama, and the dn/ proxy. This is how Azure Foundry OpenAI deployments and Vertex models are probed with the standard tools — just env vars, no custom code.
  • Target A2 — custom HTTP endpoints: custom_url + custom_auth_type (none/bearer/api_key) + request template + JSONPath response.
  • Target A3 — advanced auth via SDK: SigV4, Azure managed identity (azure_ad), GCP ADC (gcp), and Amazon Nova Sonic speech-to-speech via dreadnode.airt.build_target / nova_sonic_target, each with its prerequisites. (The TUI tools cover key/bearer today; this points power users to the SDK for the rest.)
  • Attacker & judge auth: same litellm pattern; dn/ models as the easy default; vision/audio judge required for media-output scoring.
  • Local vs Dreadnode-hosted: env vars vs. platform secrets (Account Settings → Secrets).

Reinforces the standing rules: credentials only ever referenced by env-var name, never inlined, and the agent applies no safety reasoning to the goal — the skill only configures auth. Referenced from the agent's lazy-load skill list. Bumps capability to 1.6.8.

This complements dreadnode-tiger #1907 (the SDK build_target universal-target factory), which is what A3 leans on.

Test plan

  • allowed-tools lists only real tools (generate_attack, generate_multimodal_attack, generate_agentic_attack, generate_category_attack)
  • SKILL.md frontmatter matches existing skills' shape
  • Skill auto-discovered via skills/ in capability.yaml; referenced in agent md
  • TUI smoke: invoke the capability, ask "how do I point this at my Azure Foundry deployment?", confirm the skill loads and guides correctly (follow-up during E2E)

…entials (1.6.8)

Guides the agent to authenticate all three model roles from the user's own
environment before an assessment, across clouds and auth mechanisms:

- Target A1 — litellm-routed models (preferred): provider→model-string→env-var table
  covering OpenAI/Anthropic/Gemini/Groq/Mistral/Together plus Azure OpenAI, Azure AI
  Foundry, AWS Bedrock, Google Vertex, Ollama, and dn/ proxy.
- Target A2 — custom HTTP endpoints via custom_url + custom_auth_type (none/bearer/
  api_key) + request template + JSONPath response.
- Target A3 — SigV4 / Azure managed identity / GCP ADC / Nova Sonic S2S via the SDK
  build_target escape hatch, with per-mode prerequisites.
- Attacker & judge auth (litellm pattern; vision/audio judge for media-output scoring).
- Local env vars vs Dreadnode-hosted platform secrets.

Reinforces the standing rules: credentials only by env-var name (never inline), and no
safety reasoning on the goal. Referenced from the agent's lazy-load skill list.
@rdheekonda rdheekonda merged commit b5ee7d3 into main Jul 8, 2026
5 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant