FEAT Wire frontend attack view to backend APIs

[romanlutz]

Add target management and real attack execution to the PyRIT frontend, replacing the echo stub with live backend communication.

Backend:

• Add attack CRUD endpoints (create, list, get, messages, add message)
• Replace target_unique_name with target_registry_name across models, routes, services, and mappers for clarity
• Add TargetInfo model to nest target metadata in AttackSummary
• Add target_registry_name to AddMessageRequest so the backend stays stateless (no reverse lookups from attack identifier)
• Move lifespan init to pyrit_backend CLI; main.py warns if run directly

CLI:

• Add FrontendCore.run_initializers_async() to consolidate initializer resolution used by both pyrit_backend and run_scenario_async
• Move all deferred imports to module level in frontend_core.py
• Refactor pyrit_backend to use FrontendCore two-step init pattern (initialize_async + run_initializers_async)

Frontend:

• Add Config page with target list, create target dialog, and set-active-target flow
• Wire ChatWindow to attacksApi: lazy attack creation on first message, send via PromptNormalizer, map backend responses to UI messages
• Add messageMapper utils (backend DTO <-> frontend Message conversion)
• Add full backend DTO types mirroring pyrit/backend/models
• Support simulated_assistant role, error rendering, loading indicators, and media attachments (image/audio/video)

Tests:

• Add/update 300+ backend unit tests covering attack service, mappers, target service, API routes, and main lifespan
• Add 150+ frontend tests covering ChatWindow, TargetConfig, CreateTargetDialog, MessageList, api service, and messageMapper
• Update test_frontend_core patch targets to match top-level imports

[bashirpartovi]

maybe this should go into lifespan?

[romanlutz]

setup_frontend needs to happen at module load time otherwise uvicorn can't serve the routes. From what I understand, lifespan is for startup/shutdown tasks that are primarily async, not FastAPI route setup. That's why the comment is there right above 🙂 I'm happy to add to it to make this clearer if you have suggestions.

[hannahwestra25]

Can you add screenshots for the frontend

[Copilot]

Pull request overview

Wires the PyRIT frontend attack experience to live backend APIs, including target management, attack execution, conversation branching, and richer message rendering.

Changes:

• Added/updated backend attack + target endpoints and DTOs (including conversation summaries and target metadata).
• Refactored initialization flow to shift lifespan init into CLI and consolidate initializer execution.
• Expanded frontend UI (config/history/chat) and added extensive unit + E2E coverage.

Reviewed changes

Copilot reviewed 84 out of 88 changed files in this pull request and generated 13 comments.

Show a summary per file

File	Description
tests/unit/registry/test_converter_registry.py	Adds unit tests for converter registry singleton/metadata behavior.
tests/unit/memory/test_sqlite_memory.py	Adds tests for new conversation stats aggregation in SQLite memory.
tests/unit/cli/test_pyrit_backend.py	Adds tests for CLI config-file forwarding and server startup flow.
tests/unit/cli/test_frontend_core.py	Updates patch targets and initializer execution expectations after refactor.
tests/unit/backend/test_target_service.py	Updates tests for target registry naming changes.
tests/unit/backend/test_main.py	Updates lifespan expectations to “warn only” behavior.
pyrit/setup/initializers/airt_targets.py	Adds extra kwargs support and new/renamed target presets.
pyrit/setup/initializers/airt.py	Switches auth approach to Entra token providers and updates required vars.
pyrit/setup/initialization.py	Extracts run_initializers_async to separate initializer execution from memory init.
pyrit/setup/init.py	Exposes run_initializers_async as part of setup public API.
pyrit/prompt_target/openai/openai_video_target.py	Enforces single-turn conversation constraint for video target.
pyrit/prompt_target/openai/openai_target.py	Refactors OpenAI base target inheritance/init to align with PromptTarget.
pyrit/prompt_target/openai/openai_response_target.py	Includes target-specific params in identifiers (e.g., extra body params).
pyrit/prompt_target/openai/openai_realtime_target.py	Adjusts inheritance to keep chat-target semantics for realtime target.
pyrit/prompt_target/openai/openai_image_target.py	Enforces single-turn conversation constraint for image target.
pyrit/models/conversation_stats.py	Introduces ConversationStats aggregate model.
pyrit/models/attack_result.py	Adds attack_result_id onto domain AttackResult.
pyrit/models/init.py	Exports ConversationStats from models package.
pyrit/memory/sqlite_memory.py	Adds conversation stats query and refactors some filtering helpers/update behavior.
pyrit/memory/memory_models.py	Maps DB primary key into AttackResult.attack_result_id.
pyrit/memory/memory_interface.py	Adds conversation stats API and updates attack result insert/update semantics.
pyrit/memory/azure_sql_memory.py	Adds Azure SQL implementation for conversation stats and safer update behavior.
pyrit/cli/pyrit_backend.py	Refactors CLI to use FrontendCore two-step init and adds --config-file.
pyrit/cli/frontend_core.py	Moves deferred imports to module-level and adds run_initializers_async method.
pyrit/backend/services/target_service.py	Renames target id field to registry name and updates pagination cursor.
pyrit/backend/routes/version.py	Adds database backend info to version response payload.
pyrit/backend/routes/targets.py	Renames path params and docs to registry naming scheme.
pyrit/backend/routes/attacks.py	Expands attack routes to support conversations and changes identifiers to attack_result_id.
pyrit/backend/models/targets.py	DTO rename + adds supports_multiturn_chat.
pyrit/backend/models/attacks.py	Adds target metadata nesting, conversation endpoints, and new message request fields.
pyrit/backend/models/init.py	Updates exports for renamed message response DTO.
pyrit/backend/mappers/target_mappers.py	Maps multiturn capability and renames target id field in DTO mapping.
pyrit/backend/mappers/init.py	Renames exported async mapper function.
pyrit/backend/main.py	Removes standalone uvicorn runner and changes lifespan to warn when uninitialized.
frontend/src/utils/messageMapper.ts	Adds backend DTO ↔ UI Message mapping (attachments, reasoning, errors).
frontend/src/types/index.ts	Adds backend DTO type mirrors and expands UI message model.
frontend/src/services/api.ts	Adds targets/attacks/labels API clients and query serialization.
frontend/src/services/api.test.ts	Expands mocked API service tests for new endpoints.
frontend/src/components/Sidebar/Navigation.tsx	Adds navigation views (chat/history/config) and active styling.
frontend/src/components/Sidebar/Navigation.test.tsx	Updates navigation tests for new view switching behavior.
frontend/src/components/Layout/MainLayout.tsx	Shows DB info in version tooltip and wires navigation callbacks.
frontend/src/components/Layout/MainLayout.test.tsx	Updates layout tests for new navigation props and DB tooltip behavior.
frontend/src/components/Labels/LabelsBar.test.tsx	Adds unit tests for labels UI behavior and label fetching.
frontend/src/components/Config/TargetTable.tsx	Adds target list table UI with active-target selection controls.
frontend/src/components/Config/TargetTable.styles.ts	Adds styling for target table and active row highlighting.
frontend/src/components/Config/TargetConfig.tsx	Implements target config page with fetch/retry, refresh, and create dialog.
frontend/src/components/Config/TargetConfig.test.tsx	Adds tests for config page states and interactions.
frontend/src/components/Config/TargetConfig.styles.ts	Adds styling for config page layout and states.
frontend/src/components/Config/CreateTargetDialog.tsx	Adds create-target dialog and validation + submit flow.
frontend/src/components/Config/CreateTargetDialog.test.tsx	Adds tests for create-target dialog validation and submission.
frontend/src/components/Config/CreateTargetDialog.styles.ts	Adds styling for create-target dialog layout.
frontend/src/components/Chat/InputBox.tsx	Adds banners/locking states, ref API, and multiturn warnings for active target.
frontend/src/components/Chat/InputBox.test.tsx	Adds tests for new input-box behaviors (single-turn, ref attachments, banners).
frontend/src/components/Chat/ConversationPanel.tsx	Adds conversation list panel for attacks with promote-to-main and new conversation actions.
frontend/src/components/Chat/ConversationPanel.test.tsx	Adds tests for conversation panel rendering and interactions.
frontend/src/App.tsx	Introduces multi-view app shell, target selection, attack loading, and global labels.
frontend/src/App.test.tsx	Expands app tests for navigation, target selection, and opening historical attacks.
frontend/playwright.config.ts	Splits Playwright projects into seeded vs live modes.
frontend/package.json	Adds e2e scripts for seeded and live test projects.
frontend/eslint.config.js	Adds Node globals for Playwright e2e files.
frontend/e2e/config.spec.ts	Adds e2e coverage for config page and config↔chat flow.
frontend/e2e/api.spec.ts	Adds e2e API smoke tests (targets/attacks) and improves slow-backend handling.
frontend/e2e/accessibility.spec.ts	Updates a11y coverage for new navigation and config table; adjusts expected header text.
frontend/dev.py	Improves dev runner process management, adds detach/logs/config-file support.
frontend/README.md	Documents seeded vs live e2e modes.
.github/workflows/frontend_tests.yml	Runs seeded-only e2e in GitHub Actions.
.gitattributes	Adds union merge strategy for squad log/state files.
.devcontainer/devcontainer_setup.sh	Makes Playwright install failures non-blocking with clearer messaging.

[Copilot]

Both _get_attack_result_harm_category_condition and _get_attack_result_label_condition used to return an exists().where(...) condition, but now only assign it to a local variable (*_subquery) without returning it. That will make these helpers return None, breaking filtering logic that expects a SQLAlchemy condition. Return the constructed subquery (or revert to the inline return exists().where(...)).

[Copilot]

Both _get_attack_result_harm_category_condition and _get_attack_result_label_condition used to return an exists().where(...) condition, but now only assign it to a local variable (*_subquery) without returning it. That will make these helpers return None, breaking filtering logic that expects a SQLAlchemy condition. Return the constructed subquery (or revert to the inline return exists().where(...)).

[Copilot]

Returning full stack traces in the HTTP 500 detail leaks internal code structure and potentially sensitive runtime data to clients. Log the traceback server-side (optionally include request IDs), and return a generic error message to the client; if you want trace exposure for development, gate it behind a dev/debug flag.

[Copilot]

Now that OpenAI targets use multiple inheritance elsewhere (e.g., RealtimeTarget(OpenAITarget, PromptChatTarget)), calling PromptTarget.__init__ directly bypasses cooperative initialization and can break MRO-based init chaining. Prefer super().__init__(...) in OpenAITarget.__init__ so all bases in the MRO can initialize correctly.

[Copilot]

Now that OpenAI targets use multiple inheritance elsewhere (e.g., RealtimeTarget(OpenAITarget, PromptChatTarget)), calling PromptTarget.__init__ directly bypasses cooperative initialization and can break MRO-based init chaining. Prefer super().__init__(...) in OpenAITarget.__init__ so all bases in the MRO can initialize correctly.

Suggested change

	PromptTarget.__init__(
	self,
	super().__init__(

[Copilot]

Including activeConversationId in this effect dependency will refetch the full conversations list on every conversation selection, creating unnecessary API traffic and UI churn. Consider fetching on attackResultId changes (and after mutating actions like create/promote), but not on local selection changes.

Suggested change

	}, [fetchConversations, activeConversationId])
	}, [fetchConversations])

[Copilot]

Several new imports are placed inside test functions. For consistency and readability, prefer moving these imports to the module level (unless there’s a specific reason to defer import side effects).

[Copilot]

Several new imports are placed inside test functions. For consistency and readability, prefer moving these imports to the module level (unless there’s a specific reason to defer import side effects).

[Copilot]

Several new imports are placed inside test functions. For consistency and readability, prefer moving these imports to the module level (unless there’s a specific reason to defer import side effects).

[Copilot]

Several new imports are placed inside test functions. For consistency and readability, prefer moving these imports to the module level (unless there’s a specific reason to defer import side effects).

[Copilot]

Pull request overview

Copilot reviewed 84 out of 88 changed files in this pull request and generated 4 comments.

Comments suppressed due to low confidence (1)

pyrit/memory/sqlite_memory.py:1

• This function used to return the exists().where(...) condition, but now assigns it to labels_subquery and never returns it. That will cause callers to append None to SQLAlchemy conditions and break attack filtering by labels. Return labels_subquery (or inline it back into a return statement).

# Copyright (c) Microsoft Corporation.

[Copilot]

The new inline insert logic introduces deferred/local imports (closing, SQLAlchemyError). This makes the method harder to reason about and diverges from the project’s import organization (imports at module top). Move these imports to the top of the file (or reuse already-imported equivalents) and keep the method focused on DB operations.

[Copilot]

The E2E API tests don’t align with the backend contract: targets list uses limit (not count), and create uses type (not target_type). As written, the create test will likely always skip, reducing the value of the suite. Update these requests to match the API schema and avoid conditional skipping for expected/steady-state flows (use deterministic mocks or dedicated seeded endpoints if needed).

[Copilot]

The base64 detection treats any non-data: and non-http string as base64 and wraps it into a data URI. Backend values can be file paths (e.g., /tmp/x.png, C:\\...) or non-http URLs (blob:, file:, azblob:), which will become invalid data URIs. Consider a stricter base64 check (e.g., regex/length validation) and/or explicit handling for known path/scheme prefixes before deciding to build a data URI.

[Copilot]

These icon-only buttons rely on the title attribute for labeling. title is not consistently announced by screen readers and isn’t a reliable accessible name. Provide an explicit accessible label (e.g., aria-label) so the buttons have stable names for assistive tech and testing via role/name queries.

[Copilot]

Pull request overview

Copilot reviewed 83 out of 88 changed files in this pull request and generated 4 comments.

[Copilot]

Exposing memory.engine.url.database in a public /version response can leak sensitive deployment details (e.g., server/database names, file paths). Consider returning only the backend type (or a redacted form), and/or only including database identifiers when running in a trusted/development mode.

Suggested change

	db_name = None
	if memory.engine.url.database:
	db_name = memory.engine.url.database.split("?")[0]
	database_info = f"{db_type} ({db_name})" if db_name else db_type
	database_info = db_type

[Copilot]

created_at is modeled as Optional[str] here while other timestamps in the same API use datetime (e.g., AttackSummary.created_at/updated_at, CreateConversationResponse.created_at). Using datetime consistently improves schema clarity and avoids clients guessing formats; Pydantic will serialize it as ISO 8601 anyway.

Suggested change

	created_at: Optional[str] = Field(None, description="ISO timestamp of the first message")
	created_at: Optional[datetime] = Field(None, description="ISO timestamp of the first message")

[Copilot]

This test suite mocks the module under test (./api) and re-implements the production logic inside the mock, which means it won’t catch regressions in frontend/src/services/api.ts. Prefer importing the real targetsApi/attacksApi and mocking only apiClient (e.g., via jest spies or an axios mock adapter) so the tests validate the actual implementation.

[Copilot]

This loads the entire conversation just to check whether any prior turn exists. A cheaper approach is to query only for existence/first row (or count with a limit), which avoids pulling full histories into memory when a user accidentally reuses a conversation ID.

[Copilot]

Pull request overview

Copilot reviewed 70 out of 70 changed files in this pull request and generated 5 comments.

[Copilot]

run_initializers_async is intended to be callable independently of initialize_pyrit_async, but it currently doesn't (1) assert CentralMemory is initialized or (2) reset_default_values() before executing initializers. This can lead to initializers running against a partially-initialized environment or inheriting mutated global defaults when multiple scenarios/initializations run in the same process. Consider validating CentralMemory via get_memory_instance() and resetting defaults here (without reloading env files or recreating memory).

[Copilot]

This docstring section enumerating supported env var prefixes is now inconsistent with the actual TARGET_CONFIGS: the video target config uses OPENAI_VIDEO_* vars (and registry_name was changed to openai_video), but the docstring later still refers to AZURE_OPENAI_VIDEO_*. Please update the docstring list to match the current env var names so users don’t misconfigure video targets.

[Copilot]

show_logs uses the external tail command, which isn’t available on Windows by default (this script claims to be cross-platform). Consider implementing log tailing in Python (read last N lines; optionally poll for follow) or add a Windows-specific branch (e.g., PowerShell Get-Content -Tail -Wait).

Suggested change

	def show_logs(*, follow: bool = False, lines: int = 50):
	"""Show dev.py logs."""
	if not DEVPY_LOG_FILE.exists():
	print(f"No log file found at {DEVPY_LOG_FILE}")
	return
	if follow:
	subprocess.run(["tail", "-f", "-n", str(lines), str(DEVPY_LOG_FILE)])
	else:
	subprocess.run(["tail", "-n", str(lines), str(DEVPY_LOG_FILE)])
	def _print_last_log_lines(*, lines: int) -> None:
	"""Print the last N lines from the dev.py log file."""
	with DEVPY_LOG_FILE.open("r") as log_file:
	all_lines = log_file.readlines()
	for line in all_lines[-lines:]:
	print(line, end="")
	def _follow_logs(*, lines: int) -> None:
	"""Print the last N lines and then follow the log file for new entries."""
	_print_last_log_lines(lines=lines)
	with DEVPY_LOG_FILE.open("r") as log_file:
	log_file.seek(0, os.SEEK_END)
	try:
	while True:
	line = log_file.readline()
	if line:
	print(line, end="")
	else:
	time.sleep(0.5)
	except KeyboardInterrupt:
	print()
	def show_logs(*, follow: bool = False, lines: int = 50) -> None:
	"""Show dev.py logs."""
	if not DEVPY_LOG_FILE.exists():
	print(f"No log file found at {DEVPY_LOG_FILE}")
	return
	if follow:
	_follow_logs(lines=lines)
	else:
	_print_last_log_lines(lines=lines)

[Copilot]

This test’s mocked CreateAttackResponse is missing the new required attack_result_id field. Keeping the mock aligned with the real API shape helps catch integration issues and avoids type drift (and potential TS compile errors if type-checking is enabled).

[Copilot]

attacksApi.addMessage now requires additional fields that are mandatory for the backend contract (notably target_conversation_id, and target_registry_name when send: true). These tests are currently constructing requests that the backend will reject and will also drift from the TS AddMessageRequest type. Update the request objects (and the expected apiClient.post payload) to include the required fields.

[Copilot]

Pull request overview

Copilot reviewed 69 out of 69 changed files in this pull request and generated 4 comments.

[Copilot]

This test mock for attacksApi.createAttack doesn't include the now-required attack_result_id in the response shape, so the test no longer matches the real API contract. Update the mocked response and assertions to include attack_result_id (and ideally validate it is forwarded/returned).

[Copilot]

AddMessageRequest now requires target_conversation_id (and typically target_registry_name when send: true), but these tests/mocks call attacksApi.addMessage without those fields. This makes the tests inconsistent with the real client wrapper + backend validation. Update the request objects and expected apiClient.post calls to include target_conversation_id (and target_registry_name when appropriate).

[Copilot]

pyrit.backend.models.__init__ no longer re-exports PrependedMessageRequest (still part of CreateAttackRequest) and also doesn't export the new conversation-related DTOs. If external callers import DTOs from pyrit.backend.models, this is a breaking API change and makes the export surface inconsistent. Consider re-exporting these models (or keeping backwards-compatible aliases) in __all__.

[Copilot]

This E2E test uses a request schema that doesn't match the backend routes/models: it passes count instead of limit for listing targets, and target_type instead of type in the create-target payload. As written, the create test will likely always skip due to a 422, reducing its value. Align the query params and payload keys with /api/targets (e.g., ?limit=... and { type, params }).

[Copilot]

Pull request overview

Copilot reviewed 69 out of 69 changed files in this pull request and generated 5 comments.

[Copilot]

attacksApi.addMessage now requires target_conversation_id (and typically target_registry_name when send: true). Several calls in this test file omit the required target_conversation_id, which will fail TypeScript compilation (and also doesn’t match the backend contract). Update the test requests to include target_conversation_id (and target_registry_name where applicable).

[Copilot]

The create-target response DTO uses target_type, not type. This assertion (expect(created.type).toBe(...)) will fail whenever the endpoint actually returns 200/201. Assert on created.target_type instead (and keep the rest of the checks consistent with TargetInstance).

[Copilot]

These tests were updated to call MemoryInterface.get_attack_results(attack_type=..., converter_types=...), but the actual MemoryInterface.get_attack_results signature still uses attack_class and converter_classes (see pyrit/memory/memory_interface.py around the method definition). As written, this will raise TypeError and fail the suite; update the tests to use the correct parameter names (or rename the production API consistently if that’s the intent).

[Copilot]

get_unique_attack_type_names() / get_unique_converter_type_names() are used here, but the memory layer still exposes get_unique_attack_class_names() / get_unique_converter_class_names() (e.g., on SQLite/AzureSQL memory). Unless the underlying API was renamed everywhere, these tests will error with AttributeError. Update the tests to use the existing method names or update the production interface consistently.

[Copilot]

get_conversation_messages_async can raise ValueError when the provided conversation_id is not part of the attack. This route doesn’t catch that exception, so an invalid conversation_id will currently bubble up as a 500 instead of a 400/404 ProblemDetail. Catch ValueError from the service and translate it to an HTTP 400 (or 404) with a clear message.