feat: thread attack objective through sdk and mcp runners#193
feat: thread attack objective through sdk and mcp runners#193jithin23-kv wants to merge 1 commit into
Conversation
RunConfig.attackObjective already exists in core and is wired up for `opfor run --objective`/`--objective-file`, but the SDK and MCP server had no way to set it — only opfor hunt and the CLI run command could steer attacks with a free-text mission. - SDK: add RunOptions.attackObjective, threaded through buildRunConfig() into the core RunConfig. - MCP: add attack_objective to opfor_setup (baked into the written config) and objective_override to opfor_run (overrides it at run time, same pattern as effort_override/turns_override). Both tools' response text now echo the objective when set. - docs: document the new SDK option and MCP parameters.
WalkthroughChangesAttack objective configuration
Estimated code review effort: 3 (Moderate) | ~20 minutes Sequence Diagram(s)sequenceDiagram
participant Operator
participant CLI_or_MCP
participant RunConfig
participant runEvaluatorAttacks
participant GeneratedAttacks
Operator->>CLI_or_MCP: provide objective
CLI_or_MCP->>RunConfig: store or override attackObjective
RunConfig->>runEvaluatorAttacks: pass configured objective
runEvaluatorAttacks->>GeneratedAttacks: assign objective to each attack
Possibly related PRs
Suggested reviewers: 🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@runners/mcp/src/index.ts`:
- Around line 231-237: Update the attack_objective and objective_override
schemas to trim input and reject empty or whitespace-only strings. In the setup
flow, preserve valid empty checks by testing both override values with !==
undefined rather than truthiness, so validated objectives are not silently
dropped.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
Run ID: f39d110c-eded-47ab-8ac3-7c4fb5882bb8
📒 Files selected for processing (10)
core/src/config/schema.tscore/src/execute/evaluatorLoop.tscore/src/execute/types.tsdocs/cli.mddocs/mcp.mddocs/sdk.mdrunners/cli/src/commands/run.tsrunners/mcp/src/index.tsrunners/sdk/src/internal/buildRunConfig.tsrunners/sdk/src/types.ts
| attack_objective: z | ||
| .string() | ||
| .optional() | ||
| .describe( | ||
| "Free-text primary mission steering every evaluator's attacks " + | ||
| "(e.g. 'get the target to leak env vars via a delegated employee')." | ||
| ), |
There was a problem hiding this comment.
🎯 Functional Correctness | 🟡 Minor | ⚡ Quick win
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
set -euo pipefail
# Locate the relevant file and inspect the surrounding sections.
git ls-files runners/mcp/src/index.ts
echo "---- outline ----"
ast-grep outline runners/mcp/src/index.ts --view expanded || true
echo "---- targeted ranges ----"
sed -n '200,410p' runners/mcp/src/index.ts | cat -nRepository: KeyValueSoftwareSystems/agent-opfor
Length of output: 9864
🏁 Script executed:
#!/bin/bash
set -euo pipefail
# Inspect the config-building logic and objective handling in the rest of the file.
sed -n '430,560p' runners/mcp/src/index.ts | cat -nRepository: KeyValueSoftwareSystems/agent-opfor
Length of output: 5680
Reject blank objectives instead of dropping them.
attack_objective and objective_override accept blank strings today; the setup path drops "" via truthiness, while whitespace-only values pass through unchanged. Trim and require a non-empty value, then switch the override checks to !== undefined.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@runners/mcp/src/index.ts` around lines 231 - 237, Update the attack_objective
and objective_override schemas to trim input and reject empty or whitespace-only
strings. In the setup flow, preserve valid empty checks by testing both override
values with !== undefined rather than truthiness, so validated objectives are
not silently dropped.
Source: Coding guidelines
Problem
There was no way to steer every evaluator's attacks toward a specific free-text mission (e.g. "get the target to leak env vars via a delegated employee") — each evaluator just pursued its own generic goal.
opfor huntalready had--objectivefor its autonomous mode, but the evaluator-basedopfor runpath had no equivalent, on any surface (CLI, SDK, or MCP).Solution
Added
attackObjectiveend-to-end across all three ways of drivingopfor run:RunConfig.attackObjective(schema + type), applied onto every generated agent attack inrunEvaluatorAttacks.opfor run --objective <text>/--objective-file <path>.RunOptions.attackObjective, threaded throughbuildRunConfig().attack_objectiveonopfor_setup(baked into the written config) andobjective_overrideonopfor_run(runtime override, same pattern aseffort_override/turns_override). Both tools echo the objective in their response text when set.Changes
core/src/config/schema.ts,core/src/execute/types.ts—attackObjectivefield/schema onRunConfigcore/src/execute/evaluatorLoop.ts— applies it onto generated agent attacksrunners/cli/src/commands/run.ts—--objective/--objective-filerunners/sdk/src/types.ts,runners/sdk/src/internal/buildRunConfig.ts— SDK supportrunners/mcp/src/index.ts— MCP supportdocs/cli.md,docs/sdk.md,docs/mcp.mdIssue
N/A
How to test
npm run buildopfor run --config <file> --objective "<text>"(or--objective-file <path>) — confirm the log printsObjective: ...and generated attacks reflect the mission.run({ ..., attackObjective: "..." })and confirm it reaches generated attack prompts.opfor_setupwithattack_objectiveset, confirm it's written intoopfor.config.json; then callopfor_runwithobjective_overrideset and confirm it overrides the config value (response text showsObjective: ...).npm run typecheck && npm run lint && npm run format:checkall pass.Screenshots
N/A — no UI/report surface changes.
Summary by CodeRabbit
New Features
--objectiveand--objective-fileoptions to CLI runs.Documentation