Feat(simulator): implement adversarial MCP mocks and attack recipes for Phase 2 Week 4#530
Open
Jean-Regis-M wants to merge 5 commits into
Open
Conversation
- Add finbot/aegis/telemetry/schema.py with AuditEvent models - Add AEGIS_ENABLED and AEGIS_TELEMETRY_ENABLED settings - Extend events.py to support 'aegis.*' namespaces - Add unit tests for telemetry schema - Update conftest.py for aegis package discovery Week 1 deliverable - GSoC 2026 OWASP FinBot AEGIS
- Add AuditChain for HMAC-SHA256 tamper-evident chaining - Add SentinelStream service with namespace isolation - Add event-type indexing (O(1) performance) - Expand CI workflow (CTF, Labs, Agents tests) - 11 unit tests with ≥80% coverage OWASP: ASI01, ASI06
- Add IntentGate for policy-as-code PEP/PDP tool validation - Add AegisEnforcementService observe mode orchestrator - Add unit tests for IntentGate policy evaluation - Observe-only mode preserves CTF gameplay (no blocking) - Integrates with Week 2 SentinelStream for audit telemetry OWASP Coverage: - ASI01: Goal hijack detection via policy evaluation - ASI02: Tool misuse prevention via allow/block decisions - ASI05: Unexpected RCE blocking via policy rules Relates to GSoC Week 3 Milestone
… 8 ASI02 recipes, test suite, package inits Relates to GSoC Week 4 Milestone
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
GSoC 2026 - Week 4 & Week 5 Contributions
Pull Request Summary
Description
This combined contribution covers Weeks 4 and 5 of Phase 2 (Attack Simulator) of the GSoC project, focusing on expanding the attack simulation infrastructure with adversarial MCP servers, comprehensive attack recipe collections, and mutation testing capabilities.
📅 Week 4 Contributions (Attack Simulator Foundation)
Author: Jean Francois Regis MUKIZA
GSoC Week: 4 | Phase 2: Attack Simulator (Weeks 3-6)
Core Components Implemented:
Five adversarial MCP server mocks (
finbot/aegis/simulator/mcp_mocks/adversarial.py):Package initializations:
finbot/aegis/simulator/mcp_mocks/__init__.pyfinbot/aegis/simulator/recipes/__init__.pyAttack recipe collections (YAML-defined parametric attack scenarios):
asi01_injection.yaml): System prompt extraction via roleplay, encoding obfuscation, context switching, and authority impersonationasi02_misuse.yaml): Unauthorized vendor creation, fund transfers, financial report modification, and chained tool misuse attacksComprehensive unit test suite (
tests/unit/aegis/test_mcp_mocks.py):Technical Implementation:
BaseAdversarialServerwith proper MCP protocol implementationasi,target_agent,description, and executablestepsIntegration Readiness:
Components designed for seamless integration with existing
SandboxHarnessinfinbot/aegis/simulator/base.py:SandboxHarvest._load_recipes()📅 Week 5 Contributions (Attack Simulation Expansion)
Author: Jean Francois Regis MUKIZA
GSoC Week: 5 | Phase 2: Attack Simulator (Weeks 3-6)
New Attack Recipe Collections:
asi04_supply.yaml): Supply chain compromise scenarios targeting financial dependencies and third-party integrationsasi05_rce.yaml): RCE attack vectors including command injection, deserialization exploits, and arbitrary code executionasi06_delegation.yaml): Impersonation and privilege abuse through delegated authorization mechanismsCore Infrastructure Enhancements:
finbot/aegis/simulator/mutation.py):Comprehensive Test Suite Expansion:
Attack Recipes Unit Tests (
tests/unit/aegis/test_attack_recipes.py):Mutation Testing Unit Tests (
tests/unit/aegis/test_mutation.py):Technical Implementation:
asi,target_agent,description, and executablestepsIntegration Readiness:
SandboxHarvest._load_recipes()mechanismSandboxHarnessfor dynamic attack scenario generation🙏 Mentor Acknowledgments
Special thanks to my mentors @mekaizen (Nirupam Ghosh) and @steadhac (Carolina Steadham) for their continuous guidance, insightful feedback, and unwavering support throughout this GSoC journey. Their expertise has been invaluable in shaping these contributions to align with project goals and maintain high code quality standards.
🔗 Phase 2 Progress Summary
Weeks 4-5 Combined Deliverables:
This work establishes a robust attack simulation foundation for Phase 2, enabling comprehensive testing across multiple attack vectors (ASI01-ASI06) with capabilities for both static attack scenarios and dynamic mutation-based testing. The infrastructure is now ready for subsequent weeks to expand coverage to remaining ASI categories (ASI07-ASI10) and implement advanced attack chaining mechanisms.
Author: Jean Francois Regis MUKIZA
GSoC Weeks: 4 & 5 | Phase 2: Attack Simulator (Weeks 3-6)