Skip to content

Adversarial Assurance Plan

Status: implemented (MVP corpus) · Last updated: 2026-06-18 (shieldkit@0.2.0)

Hardcore adversarial tests with a contrast harness (with shield() vs without), optional Ollama red team, runtime logging, and a living Security assurance report.

Scope (MVP)

This release ships a focused corpus (~46 adversarial cases in CI), not the full 150+ fixture ambition. The structure supports growth: add rows to tests/fixtures/adversarial/*.json, extend tests, update the bypass registry.

CategoryFixtures fileCases (approx.)
Injectioninjection.json12 (+ 1 documented bypass: inj-012)
PIIpii.json6
Keywordskeywords.json4
Repairrepair.json4
Toolstools.json6
Budgetbudget.json4
Streaminline tests2
Contrastcanonical + benign injection4
Integrityloader smoke1

Four tiers

TierLocationCI merge gate?Purpose
A Corpustests/adversarial/ + tests/fixtures/adversarial/Yes (npm run test:run)Fixtures on mock model
B Contrasttests/helpers/contrast-harness.tsYesRAW vs SHIELDED + audit
C Red teamtests/redteam/ollama-redteam.test.tsNo (nightly workflow)Real Ollama model
D Frontiertests/redteam/frontier.smoke.test.tsNo (RUN_FRONTIER_REDTEAM=1)Provider spot-checks

Merge policy: only npm run ci blocks PRs. Red team runs nightly via .github/workflows/redteam.yml with continue-on-error: true and REDTEAM_STRICT=0 (advisory metrics, not a hard gate).

Commands

CommandRuns
npm run test:adversarialTier A + B
npm run test:redteamTier C (+ D when env set)
npm run test:assuranceA + B + C sequentially

Environment:

VariableDefaultPurpose
CONTRAST_VERBOSEoffFull contrast JSON in console
REDTEAM_STRICT1 (strict)Set 0 for advisory red team (nightly CI)
RUN_FRONTIER_REDTEAMoffEnable frontier smoke test
OLLAMA_HOST / OLLAMA_MODELsee running-testsLive model for Tier C

Reports (gitignored): test-results/contrast-report.json, test-results/adversarial-summary.json.