docs(evals): add Red teaming user guide

[yeomjiwonyeom]

Adds a Red teaming section to the Strands Evals SDK docs, at the same level as Detectors, registered in navigation.yml.

Six pages:

• Overview — what red teaming is, why/when, risk categories, vs evaluators, how it works, best practices, responsible-use note
• Quickstart — end-to-end run (generate cases → run several strategies → read the report)
• Attack Strategies — the five built-in strategies (Crescendo, GOAT, PAIR, Bad Likert Judge, SequentialBreak) with mechanism + paper links, and how to choose
• Writing Custom Cases — hand-authoring RedTeamCase objects
• Scoring Attacks — how AttackSuccessEvaluator (LLM-as-judge) scores a breach
• Reading the Report — the breach matrix, the per-attack table, and acting on findings

Every code sample and API reference was verified against the current strands-agents-evals package; npm run build is clean and Prettier passes. The in-repo module README ships separately in strands-agents/evals#271.

[github-actions]

Documentation Preview Ready

Your documentation preview has been successfully deployed!

Changed pages:

• user-guide/evals-sdk/red-teaming/custom_cases
• user-guide/evals-sdk/red-teaming/evaluators
• user-guide/evals-sdk/red-teaming
• user-guide/evals-sdk/red-teaming/quickstart
• user-guide/evals-sdk/red-teaming/reading_the_report
• user-guide/evals-sdk/red-teaming/strategies

Updated at: 2026-06-16T21:28:15.266Z

[github-actions]

Issue: Two adjacent sections answer nearly the same question: ## Choosing a strategy (line 18, the table plus intro) and ## Choosing strategies (here). The near-identical headings produce two confusingly similar entries in the table of contents, and the "run several and compare" guidance is split across both.

Suggestion: Fold the structural-differences content (turn structure, cost, backtracking) under the first ## Choosing a strategy section, or rename this one to describe its distinct question (e.g. ## How strategies differ). One section, one question.

[github-actions]

Still open as of a7012e9: ## Choosing a strategy (line 18) and ## Choosing strategies (line 56) remain two separate adjacent sections with near-identical headings. The new line-56 content ("run several and compare report.by_strategy()") is good material, but it would land better folded into the first section or under a heading naming its distinct question (e.g. ## How strategies differ).

[github-actions]

Issue: Em-dashes throughout (96 across the six files: 34 in strategies.mdx, 16 in custom_cases.mdx, 15 in evaluators.mdx, 13 in reading_the_report.mdx, 9 each in index.mdx and quickstart.mdx). The repo voice guide (.agents/references/voice-guide.md) lists "No em-dashes" as a hard rule, and the sibling evals docs hold to ~2 per page.

Suggestion: Replace em-dashes with colons (for elaboration), commas or parentheses (for asides), or restructure. A few examples from the diff:

• prompts crafted to get a model to do something its instructions forbid — against your agent → use parentheses or a comma.
• success_threshold — Default 0.7. in parameter lists → a colon reads cleanly here (success_threshold: default 0.7`.).

This is the one mechanical item that's load-bearing for the merge gate, so worth a pass across all six files.

[github-actions]

Assessment: Comment

Strong, well-organized guide set. I verified every code sample and API reference against the strands-agents/evals source (the redteam module): all class names, constructor defaults, AttackGoal/RedTeamCase fields, scaffold variant keys, report methods, and the nuanced behavioral claims (the success_criteria in-loop gate, Crescendo's tool-call early-stop, score=max / passed=all-evaluators) are accurate. The Experimental cautions and the "clean run is not a certificate" framing are exactly right for a safety feature.

Review themes

• Voice constraints: One hard-rule violation: em-dashes appear 96 times across the six files where the repo guide bans them and sibling docs hold to ~2. This is the main thing to fix; see the inline comment.
• Structure: strategies.mdx has two near-duplicate headings (Choosing a strategy / Choosing strategies) that should merge into one section.
• Code completeness: The Overview's Quick Example uses an undefined agent; a short setup line makes it runnable standalone.
• Accuracy: No issues found. Terminology, links, anchors, and the mermaid diagram all check out.

Nicely researched work: the paper citations, OWASP/NIST mappings, and the worked GOAT transcript make this genuinely useful rather than just a parameter dump.

[github-actions]

Re-review of a7012e9 — thanks for the update. The Quick Example fix is solid, and I re-verified the new agent_factory / parallel max_workers / MultiAgentBase content against the current evals SDK: all accurate, including the TypeError-at-config-time claim for agent= under parallel runs.

One item from the prior review is still open and worth a pass before merge:

Issue: Em-dashes are still present (99 across the six files: 30 in strategies.mdx, 22 in reading_the_report.mdx, 15 in evaluators.mdx, 13 in custom_cases.mdx, 12 in quickstart.mdx, 7 in index.mdx). The repo voice guide lists "No em-dashes" as a hard rule and sibling evals docs hold to ~2 per page, so this is the one mechanical gate likely to block merge.

Suggestion: A single find-and-replace pass works — colons for elaboration, commas or parentheses for asides. For example strategy × goal × target interaction — there is no reliable... (strategies.mdx:56) reads cleanly as ...interaction: there is no reliable....