merging main

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Author: Bolor

.pyrit_conf_example

@@ -28,7 +28,6 @@ memory_db_type: sqlite
 # - scorers: Registers pre-configured scorers into the ScorerRegistry
 # - load_default_datasets: Loads default datasets for all registered scenarios
 # - objective_list: Sets default objectives for scenarios
-# - openai_objective_target: Sets up OpenAI target for scenarios
 #
 # Each initializer can be specified as:
 # - A simple string (name only)

PAIR_REFACTORING_SUMMARY.md

@@ -0,0 +1,160 @@
+# PAIR Attack Refactoring Summary
+
+## Overview
+
+Successfully refactored the PAIR (Prompt Automatic Iterative Refinement) orchestrator from `pair_orchestrator.py` to become `PAIRAttack` following the new attack strategy pattern. The refactored attack inherits from `AttackStrategy` and maintains all core PAIR functionality while removing orchestrator-specific dependencies.
+
+## Files Created/Modified
+
+### 1. `/pyrit/attacks/multi_turn/pair.py` (NEW)
+- **PAIRAttackContext**: Context class extending `MultiTurnAttackContext` with PAIR-specific parameters
+- **PAIRAttackResult**: Result class extending `AttackResult` with PAIR-specific metadata
+- **PAIRAttack**: Main attack strategy class extending `AttackStrategy[PAIRAttackContext, PAIRAttackResult]`
+
+### 2. `/pyrit/attacks/__init__.py` (UNCHANGED)
+- `PairAttack` already included in `__all__` list, ready for the refactored implementation
+
+## Key Components
+
+### PAIRAttackContext
+```python
+@dataclass
+class PAIRAttackContext(MultiTurnAttackContext):
+    depth: int = 3
+    desired_response_prefix: str = "Sure, here is"
+    objective_achieved_score_threshold: float = 0.8
+```
+
+### PAIRAttackResult
+```python
+@dataclass
+class PAIRAttackResult(AttackResult):
+    @property
+    def depth_reached(self) -> int: ...
+```
+
+### PAIRAttack
+```python
+class PAIRAttack(AttackStrategy[PAIRAttackContext, PAIRAttackResult]):
+    def __init__(
+        self,
+        *,
+        objective_target: PromptChatTarget,
+        attack_adversarial_config: AttackAdversarialConfig,
+        attack_converter_config: Optional[AttackConverterConfig] = None,
+        attack_scoring_config: Optional[AttackScoringConfig] = None,
+        prompt_normalizer: Optional[PromptNormalizer] = None,
+        depth: int = 3,
+        desired_response_prefix: str = "Sure, here is",
+        objective_achieved_score_threshold: float = 0.8,
+    ): ...
+```
+
+## Implementation Strategy
+
+The refactored `PAIRAttack` leverages the existing `TreeOfAttacksWithPruningAttack` with PAIR-specific configuration:
+
+1. **Delegation Pattern**: Creates an internal `TreeOfAttacksWithPruningAttack` instance
+2. **PAIR Configuration**: 
+   - `tree_width=1` (PAIR uses single branch)
+   - `branching_factor=1` (PAIR doesn't branch)
+   - `on_topic_checking_enabled=False` (PAIR disables this)
+   - Uses PAIR-specific system prompts
+
+3. **Attack Strategy Lifecycle**:
+   - `_validate_context()`: Validates PAIR-specific parameters
+   - `_setup_async()`: Creates and configures the underlying tree attack
+   - `_perform_attack_async()`: Executes the tree attack and converts results
+   - `_teardown_async()`: Cleans up resources
+
+## API Migration
+
+### Old PAIROrchestrator
+```python
+orchestrator = PAIROrchestrator(
+    objective_target=objective_target,
+    adversarial_chat=adversarial_chat,
+    scoring_target=scoring_target,
+    depth=3,
+    prompt_converters=[...],
+    objective_achieved_score_threshold=0.8,
+    desired_response_prefix="Sure, here is",
+)
+result = await orchestrator.run_attack_async(objective="...")
+```
+
+### New PAIRAttack
+```python
+attack = PAIRAttack(
+    objective_target=objective_target,
+    attack_adversarial_config=AttackAdversarialConfig(target=adversarial_chat),
+    attack_converter_config=AttackConverterConfig(request_converters=[...]),
+    attack_scoring_config=AttackScoringConfig(objective_scorer=...),
+    depth=3,
+    desired_response_prefix="Sure, here is",
+    objective_achieved_score_threshold=0.8,
+)
+result = await attack.execute_async(objective="...")
+```
+
+## Key Improvements
+
+1. **Attack Strategy Pattern Compliance**:
+   - Enforced lifecycle with validation, setup, execution, and teardown
+   - Consistent interface with other attack strategies
+   - Better error handling and resource management
+
+2. **Modular Configuration**:
+   - `AttackAdversarialConfig`: Manages adversarial chat configuration
+   - `AttackConverterConfig`: Manages prompt converters
+   - `AttackScoringConfig`: Manages scoring configuration
+
+3. **Enhanced Type Safety**:
+   - Generic typing with `AttackStrategy[PAIRAttackContext, PAIRAttackResult]`
+   - Better IDE support and error detection
+
+4. **Comprehensive Results**:
+   - `PAIRAttackResult` with PAIR-specific metadata
+   - Execution time tracking
+   - Detailed outcome reporting
+
+5. **Removed Dependencies**:
+   - No longer depends on orchestrator-specific classes
+   - Uses attack strategy base classes
+   - Cleaner separation of concerns
+
+## PAIR Algorithm Preservation
+
+All core PAIR functionality is preserved:
+
+- ✅ Tree-based iterative refinement approach
+- ✅ Single-width exploration (width=1)
+- ✅ No branching (branching_factor=1)
+- ✅ Disabled on-topic checking
+- ✅ Custom scoring thresholds
+- ✅ Desired response prefix handling
+- ✅ PAIR-specific system prompts
+- ✅ Depth-based termination
+
+## Testing
+
+The refactored code:
+- ✅ Compiles successfully (`python -m py_compile`)
+- ✅ Follows the established attack strategy pattern
+- ✅ Maintains API compatibility through configuration objects
+- ✅ Preserves all PAIR-specific algorithmic behavior
+
+## Usage Examples
+
+See `/pair_attack_demo.py` for comprehensive usage examples and migration guidance.
+
+## Conclusion
+
+The PAIR attack has been successfully refactored from an orchestrator to an attack strategy, providing:
+- Better code organization and maintainability
+- Consistent interface with other PyRIT attacks
+- Enhanced error handling and validation
+- Preserved algorithmic functionality
+- Future-proof architecture following established patterns
+
+The refactoring maintains backward compatibility through configuration objects while providing a more modern, type-safe, and maintainable implementation.

SORA_URL_VALIDATION_SUMMARY.md

@@ -0,0 +1,96 @@
+# Sora Target URL Validation Implementation
+
+## Summary
+Added comprehensive URL validation for the OpenAI Sora Target, following the same pattern established for other OpenAI targets.
+
+## Implementation Details
+
+### 1. Sora Target Code Changes (`openai_sora_target.py`)
+
+**Added URL validation configuration:**
+```python
+# Set expected route for URL validation (Sora video generation API)
+self._expected_route = "/openai/deployments/*/videos/generations"
+
+# Validate endpoint URL
+self._warn_if_irregular_endpoint()
+```
+
+**Expected Endpoint Pattern:**
+- **Azure Sora API**: `/openai/deployments/*/videos/generations`
+- Uses wildcard pattern (`*`) to support any deployment name
+- Matches endpoints like: `https://myservice.openai.azure.com/openai/deployments/sora-1/videos/generations`
+
+### 2. Sora Target Test Changes (`test_sora_target.py`)
+
+**Added comprehensive URL validation tests:**
+
+1. **`test_sora_target_url_validation_valid_azure_endpoint_no_warning()`**
+   - Tests valid Azure Sora endpoint doesn't trigger warnings
+   - Verifies: `https://myservice.openai.azure.com/openai/deployments/sora-1/videos/generations`
+
+2. **`test_sora_target_url_validation_invalid_endpoint_triggers_warning()`**
+   - Tests invalid endpoint triggers appropriate warning
+   - Verifies warning message includes expected route pattern
+   - Tests: `https://api.openai.com/v1/wrong/path`
+
+3. **`test_sora_target_url_validation_wildcard_pattern_matching()`**
+   - Tests wildcard pattern matching with various deployment names
+   - Validates: `sora-1`, `my-custom-sora`, `video-model` deployment names
+   - Tests both valid and invalid path structures
+
+4. **`test_sora_target_url_validation_case_insensitive()`**
+   - Verifies URL validation is case insensitive
+   - Tests uppercase path: `/OPENAI/DEPLOYMENTS/SORA-1/VIDEOS/GENERATIONS`
+
+5. **`test_sora_target_url_validation_trailing_slash_normalization()`**
+   - Tests trailing slash normalization
+   - Verifies endpoints with/without trailing slashes work correctly
+
+## Validation Coverage
+
+### ✅ Valid Endpoints (No Warnings)
+```
+https://myservice.openai.azure.com/openai/deployments/sora-1/videos/generations
+https://service.openai.azure.com/openai/deployments/my-custom-sora/videos/generations
+https://api.azure.com/openai/deployments/video-model/videos/generations
+```
+
+### ❌ Invalid Endpoints (Warning Generated)
+```
+https://api.openai.com/v1/wrong/path
+https://service.azure.com/openai/wrong/sora-1/videos/generations
+https://service.azure.com/openai/deployments/sora-1/wrong/generations
+```
+
+### 🔍 URL Normalization Features
+- **Case Insensitive**: `/OPENAI/DEPLOYMENTS/*/VIDEOS/GENERATIONS` matches `/openai/deployments/*/videos/generations`
+- **Trailing Slash**: `/openai/deployments/*/videos/generations/` matches `/openai/deployments/*/videos/generations`
+- **Query Parameters**: Ignored during validation (only path is checked)
+
+## Integration with Existing Framework
+
+The Sora target now follows the same URL validation pattern as other OpenAI targets:
+
+1. **Inherits from `OpenAITarget`** - Uses centralized validation logic
+2. **Sets `_expected_route`** - Defines valid endpoint pattern
+3. **Calls `_warn_if_irregular_endpoint()`** - Triggers validation during initialization
+4. **Uses wildcard patterns** - Supports dynamic Azure deployment names
+5. **Comprehensive test coverage** - 5 focused test scenarios
+
+## Benefits
+
+1. **Consistency**: Same validation approach across all OpenAI targets
+2. **User Guidance**: Clear warnings when endpoints are misconfigured
+3. **Flexibility**: Wildcard pattern supports any Azure deployment name
+4. **Robustness**: Handles case sensitivity, trailing slashes, and URL normalization
+5. **Maintainability**: Easy to extend for new Sora API endpoints if needed
+
+## Test Execution
+
+Run the new Sora target URL validation tests:
+```bash
+pytest tests/unit/target/test_sora_target.py -k "url_validation" -v
+```
+
+Total new tests added: **5 URL validation tests** for comprehensive coverage of Sora target endpoint validation.