MAINT: Migrating context compliance to technique#2177
Open
rlundeen2 wants to merge 2 commits into
Open
Conversation
Migrate ContextComplianceAttack from a bespoke single-turn executor into a core simulated-conversation technique, mirroring the role_play migration. The technique fabricates a benign Q and A plus offer via a 1-turn simulated conversation and appends a fixed "yes." final user turn, instead of assembling its own prompt scaffolding in the executor. Removes ContextComplianceAttack from the public API (breaking change). Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com> Copilot-Session: aeb8c8c6-5c23-490c-b451-a59c096f54f7
Add the CCA source paper (Russinovich and Salem, "Jailbreaking is (Mostly) Simpler Than You Think", arXiv:2503.05264) to references.bib and bibliography.md, and point the context-compliance dataset YAMLs' source field at it. Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com> Copilot-Session: aeb8c8c6-5c23-490c-b451-a59c096f54f7
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Migrates
ContextComplianceAttackfrom a bespoke single-turn executor into a core simulated-conversation technique, mirroring the earlierrole_playmigration. The prompt-scaffolding work that used to live in the executor (fabricating a benign Q&A + offer, then sending a hardcoded"yes.") now belongs to the attack technique layer, perdoc/code/framework.md.What changed
context_complianceis now registered inpyrit/setup/initializers/techniques/core.pyviaAttackTechniqueFactory.with_simulated_conversation(...)withnum_turns=1, a fixedfinal_user_message="yes.", and dedicated adversarial + simulated-target system prompts (paths inlined like every other technique).with_simulated_conversationnow acceptssimulated_target_system_prompt_pathandfinal_user_message, appending the fixed final user turn as a staticSeedPrompt.datasets/executors/red_teaming/context_compliance/context_compliance.yaml(adversarial → benign question)datasets/executors/simulated_target/context_compliance_target.yaml(simulated target → benign answer + offer)ContextComplianceAttackexecutor, its old dataset, and unit test; rewired thescamscenario's inlinecontext_compliancebranch to the factory; updated affected tests and docs; synceddoc/bibliography.md.Breaking change
Removes
ContextComplianceAttackfrom the public API. Follow-up to the role_play technique migration.Validation
ruffformat/check andtyclean; pre-commit hooks pass."yes."→ objective delivered.