Metadata-Version: 2.4
Name: redteam-cli
Version: 0.1.0
Summary: Local-first red-team scanner for ML models — runs adversarial, extraction, and prompt-injection attacks on your machine and uploads only the scores.
Author: Anbar26
License: MIT
Project-URL: Homepage, https://github.com/Anbar26/redteam-ai
Project-URL: Repository, https://github.com/Anbar26/redteam-ai
Project-URL: Issues, https://github.com/Anbar26/redteam-ai/issues
Keywords: machine-learning,security,adversarial,ml-security,red-team,fgsm,prompt-injection,model-extraction
Classifier: Development Status :: 4 - Beta
Classifier: Environment :: Console
Classifier: Intended Audience :: Developers
Classifier: Intended Audience :: Information Technology
Classifier: License :: OSI Approved :: MIT License
Classifier: Operating System :: OS Independent
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Topic :: Security
Classifier: Topic :: Scientific/Engineering :: Artificial Intelligence
Classifier: Typing :: Typed
Requires-Python: >=3.11
Description-Content-Type: text/markdown
Requires-Dist: click<9,>=8.1
Requires-Dist: requests<3,>=2.32
Requires-Dist: pydantic<3,>=2.10
Provides-Extra: torch
Requires-Dist: torch>=2.2; extra == "torch"
Requires-Dist: torchvision>=0.17; extra == "torch"
Requires-Dist: adversarial-robustness-toolbox>=1.18; extra == "torch"
Provides-Extra: keras
Requires-Dist: tensorflow>=2.15; extra == "keras"
Provides-Extra: onnx
Requires-Dist: torch>=2.2; extra == "onnx"
Requires-Dist: onnx>=1.16; extra == "onnx"
Requires-Dist: onnxruntime>=1.18; extra == "onnx"
Requires-Dist: adversarial-robustness-toolbox>=1.18; extra == "onnx"
Provides-Extra: hf
Requires-Dist: transformers>=4.40; extra == "hf"
Requires-Dist: huggingface-hub>=0.24; extra == "hf"
Provides-Extra: dev
Requires-Dist: pytest>=8; extra == "dev"
Requires-Dist: pytest-mock>=3.12; extra == "dev"

# redteam-cli

[![PyPI](https://img.shields.io/pypi/v/redteam-cli.svg)](https://pypi.org/project/redteam-cli/)
[![Python](https://img.shields.io/pypi/pyversions/redteam-cli.svg)](https://pypi.org/project/redteam-cli/)
[![License](https://img.shields.io/pypi/l/redteam-cli.svg)](https://github.com/Anbar26/redteam-ai/blob/main/LICENSE)

Local-first security scanner for ML models. Runs five adversarial / extraction /
prompt-injection attacks against your model **on the machine that already has
it** and uploads only the per-attack scores. The model itself never leaves your
environment.

## Install

```bash
pip install "redteam-cli[torch]"     # image classifiers (.pt / .pth / state-dict)
pip install "redteam-cli[onnx]"      # ONNX models (boundary + extraction)
pip install "redteam-cli[hf]"        # HuggingFace LLMs via hf:org/model
pip install redteam-cli              # CLI only (use --dry-run, no attacks)
```

## Usage

```bash
export REDTEAM_API_KEY=rtai_…
export REDTEAM_API_URL=https://your-redteam-platform.example.com

# Image classifier (full nn.Module saved with torch.save)
redteam scan --model ./mymodel.pt --type image-classifier \
    --input-shape 3,224,224 --num-samples 32

# State-dict only — supply the architecture file
redteam scan --model ./weights.pt --type image-classifier \
    --arch ./model.py:MyResNet --input-shape 3,224,224

# ONNX — boundary + extraction (FGSM N/A, no gradients)
redteam scan --model ./mymodel.onnx --type image-classifier --input-shape 3,224,224

# LLM via HuggingFace
redteam scan --model hf:Qwen/Qwen2-7B-Instruct --type llm

# LLM via custom .py adapter
redteam scan --model ./llm_adapter.py --type llm

# Dry-run anything (run locally, print JSON, skip upload)
redteam scan --model ./mymodel.pt --type image-classifier --dry-run
```

## Attacks

| Attack | Model types | What it tests |
| --- | --- | --- |
| FGSM | image-classifier | White-box adversarial robustness (single ε-step gradient sign) |
| Boundary | image-classifier | Black-box decision-boundary fragility (median L2 to flip) |
| Model extraction | image-classifier, tabular | Whether a surrogate trained from queries can clone the model |
| Prompt injection | llm | Canary-leak detection across role-hijack / jailbreak payloads |
| Output manipulation | llm | Refusal-marker matching on disallowed prompts (markers customisable for non-English models) |

## Where the results go

This CLI sends results to the [redteam-ai platform](https://github.com/Anbar26/redteam-ai)
(FastAPI backend + Next.js dashboard) running either locally via Docker Compose or
deployed to your own host. To run the platform yourself:

```bash
git clone https://github.com/Anbar26/redteam-ai
cd redteam-ai && docker compose up -d --build
# Visit http://localhost:3000 — sign up to get an API key
```

Or use `--dry-run` to skip the upload entirely and just read the JSON.

## License

[MIT](https://github.com/Anbar26/redteam-ai/blob/main/LICENSE)
