diff --git a/.changeset/docs-redteam-targets-examples.md b/.changeset/docs-redteam-targets-examples.md new file mode 100644 index 0000000..f51250d --- /dev/null +++ b/.changeset/docs-redteam-targets-examples.md @@ -0,0 +1,5 @@ +--- +"@cdot65/prisma-airs-cli": patch +--- + +docs(redteam-targets): live input/output examples for `redteam eula status`, `redteam eula content`, `redteam properties list`, `redteam targets get`, `redteam targets profile`, `redteam targets metadata`, `redteam targets templates`, `redteam targets init`, `redteam targets backup`, `redteam targets restore`. Remaining write ops (eula accept, registry-credentials, targets create/update/delete/probe/update-profile/validate-auth, properties create/values/add-value, instances/devices CRUD) stay on `docs/cli/examples/.missing-allowlist` with tracking issue links — tenant returns license-read-only or API 403 for all writes. diff --git a/docs/cli/examples/.missing-allowlist b/docs/cli/examples/.missing-allowlist index 4ace22b..5702086 100644 --- a/docs/cli/examples/.missing-allowlist +++ b/docs/cli/examples/.missing-allowlist @@ -38,9 +38,9 @@ runtime dlp dictionaries replace runtime dlp dictionaries patch # Blocked by tenant license (read-only) — see https://github.com/cdot65/prisma-airs-cli/issues/111 redteam abort -redteam eula status -redteam eula content +# Blocked by tenant license (read-only) — see https://github.com/cdot65/prisma-airs-cli/issues/123 redteam eula accept +# Blocked by API 403 on instances/devices CRUD — see https://github.com/cdot65/prisma-airs-cli/issues/124 redteam instances create redteam instances get redteam instances update @@ -48,6 +48,7 @@ redteam instances delete redteam devices create redteam devices update redteam devices delete +# Blocked by tenant license (read-only) — see https://github.com/cdot65/prisma-airs-cli/issues/123 redteam registry-credentials # Blocked by upstream API 500 on /version-info — see https://github.com/cdot65/prisma-airs-cli/issues/117 redteam prompt-sets get @@ -65,23 +66,17 @@ redteam prompts add redteam prompts update # Blocked by tenant license (read-only) — see https://github.com/cdot65/prisma-airs-cli/issues/118 redteam prompts delete -redteam properties list +# Blocked by tenant license (read-only) — see https://github.com/cdot65/prisma-airs-cli/issues/123 redteam properties create redteam properties values redteam properties add-value -redteam targets get +# Blocked by tenant license (read-only) — see https://github.com/cdot65/prisma-airs-cli/issues/123 redteam targets create redteam targets update redteam targets delete redteam targets probe -redteam targets profile redteam targets update-profile redteam targets validate-auth -redteam targets metadata -redteam targets init -redteam targets templates -redteam targets backup -redteam targets restore model-security groups create model-security groups update model-security groups delete diff --git a/docs/cli/examples/redteam.yaml b/docs/cli/examples/redteam.yaml index 2b1574c..5580c3b 100644 --- a/docs/cli/examples/redteam.yaml +++ b/docs/cli/examples/redteam.yaml @@ -221,3 +221,302 @@ CRITICAL BLOCKED undefined [SECURITY] CRITICAL BLOCKED undefined [SECURITY] CRITICAL BLOCKED undefined [SECURITY] + +"redteam eula status": + examples: + - note: Check whether the EULA has been accepted on this tenant + input: airs redteam eula status + output: | + Prisma AIRS — AI Red Team + Adversarial scan operations + + + EULA Status: + + Accepted: yes + Accepted At: 2025-11-03T15:22:02.528000Z + Accepted By: 00000000-0000-0000-0000-000000000002 + +"redteam eula content": + examples: + - note: Display the EULA text (output truncated — actual document is ~500 lines) + input: airs redteam eula content + output: | + Prisma AIRS — AI Red Team + Adversarial scan operations + + + EULA Content: + + ## END USER LICENSE AGREEMENT + + --- + + **THIS END USER LICENSE AGREEMENT ("Agreement") GOVERNS THE USE OF PALO ALTO + NETWORKS PRODUCTS (as that term "Product" is defined below).** + + THIS IS A LEGAL AGREEMENT BETWEEN YOU (REFERRED TO HEREIN AS "CUSTOMER" or + "END USER") AND PALO ALTO NETWORKS, INC. ... + + ... + (full EULA text — definitions, use rights, restrictions, warranty, etc.) + ... + +"redteam properties list": + examples: + - note: List configured property names (empty state — no properties defined on this tenant) + input: airs redteam properties list + output: | + Prisma AIRS — AI Red Team + Adversarial scan operations + + No property names found. + +"redteam targets get": + examples: + - note: Show full target detail (connection, background, metadata) + input: airs redteam targets get 00000000-0000-0000-0000-000000000001 + output: | + Prisma AIRS — AI Red Team + Adversarial scan operations + + + Target Detail: + + UUID: 00000000-0000-0000-0000-000000000001 + Name: example-target + Status: active + Type: APPLICATION + + Connection: + api_endpoint: https://api.example.com/v1/chat/completions + request_headers: [object Object] + request_json: [object Object] + response_json: [object Object] + response_key: content + target_connection_config: null + curl: curl \ + "https://api.example.com/v1/chat/completions" \ + -H "Content-Type: application/json" \ + -H "apikey: " \ + --data '{"model":"","messages":[{"role":"user","content":"{INPUT}"}]}' + multi_turn_config: null + + Background: + industry: Generic + use_case: Chatbot + competitors: Microsoft Bot Framework,Rasa,Dialogflow,Wit.ai,IBM Watson Assistant + + Metadata: + multi_turn: false + rate_limit: 50 + rate_limit_enabled: true + rate_limit_error_code: 429 + content_filter_enabled: true + content_filter_error_code: 403 + probe_message: I like turtles + request_timeout: 110 + +"redteam targets profile": + examples: + - note: Show AI-generated target profile (truncated — full output is ~230 lines of nested JSON) + input: airs redteam targets profile 00000000-0000-0000-0000-000000000001 + output: | + Prisma AIRS — AI Red Team + Adversarial scan operations + + Target Profile: + { + "target_id": "00000000-0000-0000-0000-000000000001", + "target_version": 1778577706636129, + "status": "ACTIVE", + "profiling_status": "COMPLETED", + "target_background": { + "industry": "Generic", + "use_case": "Chatbot", + "competitors": ["Rasa", "Dialogflow", "Wit.ai", "..."] + }, + "additional_context": { + "base_model": "transformer", + "core_architecture": "LLM with tool calling", + "system_prompt": null, + "languages_supported": ["English", "Spanish", "..."], + "banned_keywords": ["..."], + "tools_accessible": ["web_search", "code_execution", "..."] + }, + "ai_generated_fields": ["competitors", "base_model", "core_architecture", "..."], + "other_details": { + "items": { + "code_execution": { "has_code_execution": true, "languages": ["Python"] }, + "internet_access": { "has_internet_access": true }, + "system_purpose": { "primary_purpose": "...", "use_cases": ["..."] }, + "user_audience": { "audience_type": "mixed", "features": ["..."] }, + "tool_properties": { "discoveries": ["..."] }, + "architecture": "...", + "available_tools": "...", + "...": "..." + } + } + } + +"redteam targets metadata": + examples: + - note: Get scan-target field metadata (base models, breadth/depth ranges, NAT IPs, agent attack goal limit) + input: airs redteam targets metadata + output: | + Prisma AIRS — AI Red Team + Adversarial scan operations + + { + "scan_target": { + "base_models": [ + "GPT3.5 turbo", + "GPT 4", + "Mistral 7b", + "Mistral 13b", + "Mixtral", + "Claude 2.1", + "Claude 3 sonnet", + "Claude 3 Opus", + "Claude 3 Haiku", + "Gemini", + "Llama", + "Llama 2", + "Llama 3", + "Phi", + "Falcon", + "Bloom", + "PaLM", + "Others" + ], + "breadth": { "min": 6, "max": 12, "default": 6 }, + "depth": { "min": 3, "max": 16, "default": 10 }, + "attack_tokens": { + "values": [128, 256, 512, 1024, 2048, 4096], + "default": 2048 + }, + "context_size": { "min": 1, "max": 16, "default": 10 } + }, + "nat_ips": [ + "203.0.113.10", + "203.0.113.11", + "203.0.113.12" + ], + "agent_attack_goal_limit": 10 + } + +"redteam targets templates": + examples: + - note: List provider-specific target templates (truncated — full output covers OPENAI, HUGGING_FACE, DATABRICKS, BEDROCK, REST, STREAMING, WEBSOCKET, MS_COPILOT_STUDIO) + input: airs redteam targets templates + output: | + Prisma AIRS — AI Red Team + Adversarial scan operations + + + Target Templates: + + OPENAI + { + "id": "OPENAI", + "name": "OpenAI", + "is_custom": false, + "url": "https://api.openai.com/v1/responses", + "request_json": { + "model": "gpt-4.1-mini", + "input": [ + { + "role": "user", + "content": [ + { "type": "input_text", "text": "{INPUT}" } + ] + } + ], + "stream": false, + "temperature": 0.7 + }, + "response_json": { + "id": "resp_xxxxx", + "object": "response", + "model": "gpt-4.1-mini", + "output": [ + { + "type": "message", + "role": "assistant", + "content": [ + { "type": "output_text", "text": "{RESPONSE}" } + ] + } + ] + } + } + + HUGGING_FACE + { ... } + + DATABRICKS + { ... } + + BEDROCK + { ... } + + REST + { ... } + + STREAMING + { ... } + + WEBSOCKET + { ... } + + MS_COPILOT_STUDIO + { ... } + +"redteam targets init": + examples: + - note: Scaffold a target config JSON from a provider template (write to default filename) + input: airs redteam targets init OPENAI + output: | + Prisma AIRS — AI Red Team + Adversarial scan operations + + + Target config scaffolded: + + File: /path/to/cwd/openai-target.json + Provider: OPENAI + + Next steps: Edit the file to fill in name and credentials, then run: + airs redteam targets create --config openai-target.json --validate + - note: Scaffold to a custom path + input: airs redteam targets init BEDROCK --output configs/bedrock.json + +"redteam targets backup": + examples: + - note: Back up a single target by name to a local directory + input: airs redteam targets backup --output-dir ./backups --name "example-target" + output: | + Prisma AIRS — Backup & Restore + + + Backed up 1 target(s) to ./backups: + + ✓ example-target → example-target.json + - note: Back up all targets in YAML format + input: airs redteam targets backup --output-dir ./backups --format yaml + +"redteam targets restore": + examples: + - note: Restore from a directory of backup files (skips targets that already exist by name) + input: airs redteam targets restore --input-dir ./backups + output: | + Prisma AIRS — Backup & Restore + + + Restore results: + + ○ example-target — skipped + + Total: 1 skipped + - note: Restore a single file and overwrite an existing target + input: airs redteam targets restore --file ./backups/example-target.json --overwrite \ No newline at end of file diff --git a/docs/cli/redteam/eula.md b/docs/cli/redteam/eula.md index d4b44f5..9afed4f 100644 --- a/docs/cli/redteam/eula.md +++ b/docs/cli/redteam/eula.md @@ -10,8 +10,23 @@ airs redteam eula status [options] #### Examples -!!! warning "Example needed" - No curated input/output example for this command yet. +*Check whether the EULA has been accepted on this tenant* + +```bash +airs redteam eula status +``` + +```text +Prisma AIRS — AI Red Team +Adversarial scan operations + + +EULA Status: + + Accepted: yes + Accepted At: 2025-11-03T15:22:02.528000Z + Accepted By: 00000000-0000-0000-0000-000000000002 +``` --- @@ -25,8 +40,33 @@ airs redteam eula content [options] #### Examples -!!! warning "Example needed" - No curated input/output example for this command yet. +*Display the EULA text (output truncated — actual document is ~500 lines)* + +```bash +airs redteam eula content +``` + +```text +Prisma AIRS — AI Red Team +Adversarial scan operations + + +EULA Content: + + ## END USER LICENSE AGREEMENT + +--- + +**THIS END USER LICENSE AGREEMENT ("Agreement") GOVERNS THE USE OF PALO ALTO +NETWORKS PRODUCTS (as that term "Product" is defined below).** + +THIS IS A LEGAL AGREEMENT BETWEEN YOU (REFERRED TO HEREIN AS "CUSTOMER" or +"END USER") AND PALO ALTO NETWORKS, INC. ... + +... +(full EULA text — definitions, use rights, restrictions, warranty, etc.) +... +``` --- diff --git a/docs/cli/redteam/properties.md b/docs/cli/redteam/properties.md index 3e6a613..7e093a1 100644 --- a/docs/cli/redteam/properties.md +++ b/docs/cli/redteam/properties.md @@ -16,8 +16,18 @@ airs redteam properties list [options] #### Examples -!!! warning "Example needed" - No curated input/output example for this command yet. +*List configured property names (empty state — no properties defined on this tenant)* + +```bash +airs redteam properties list +``` + +```text +Prisma AIRS — AI Red Team +Adversarial scan operations + + No property names found. +``` --- diff --git a/docs/cli/redteam/targets.md b/docs/cli/redteam/targets.md index 4028666..083b295 100644 --- a/docs/cli/redteam/targets.md +++ b/docs/cli/redteam/targets.md @@ -49,8 +49,53 @@ airs redteam targets get [options] #### Examples -!!! warning "Example needed" - No curated input/output example for this command yet. +*Show full target detail (connection, background, metadata)* + +```bash +airs redteam targets get 00000000-0000-0000-0000-000000000001 +``` + +```text +Prisma AIRS — AI Red Team +Adversarial scan operations + + +Target Detail: + + UUID: 00000000-0000-0000-0000-000000000001 + Name: example-target + Status: active + Type: APPLICATION + + Connection: + api_endpoint: https://api.example.com/v1/chat/completions + request_headers: [object Object] + request_json: [object Object] + response_json: [object Object] + response_key: content + target_connection_config: null + curl: curl \ + "https://api.example.com/v1/chat/completions" \ + -H "Content-Type: application/json" \ + -H "apikey: " \ + --data '{"model":"","messages":[{"role":"user","content":"{INPUT}"}]}' + multi_turn_config: null + + Background: + industry: Generic + use_case: Chatbot + competitors: Microsoft Bot Framework,Rasa,Dialogflow,Wit.ai,IBM Watson Assistant + + Metadata: + multi_turn: false + rate_limit: 50 + rate_limit_enabled: true + rate_limit_error_code: 429 + content_filter_enabled: true + content_filter_error_code: 403 + probe_message: I like turtles + request_timeout: 110 +``` --- @@ -156,8 +201,50 @@ airs redteam targets profile [options] #### Examples -!!! warning "Example needed" - No curated input/output example for this command yet. +*Show AI-generated target profile (truncated — full output is ~230 lines of nested JSON)* + +```bash +airs redteam targets profile 00000000-0000-0000-0000-000000000001 +``` + +```text +Prisma AIRS — AI Red Team +Adversarial scan operations + +Target Profile: + { + "target_id": "00000000-0000-0000-0000-000000000001", + "target_version": 1778577706636129, + "status": "ACTIVE", + "profiling_status": "COMPLETED", + "target_background": { + "industry": "Generic", + "use_case": "Chatbot", + "competitors": ["Rasa", "Dialogflow", "Wit.ai", "..."] + }, + "additional_context": { + "base_model": "transformer", + "core_architecture": "LLM with tool calling", + "system_prompt": null, + "languages_supported": ["English", "Spanish", "..."], + "banned_keywords": ["..."], + "tools_accessible": ["web_search", "code_execution", "..."] + }, + "ai_generated_fields": ["competitors", "base_model", "core_architecture", "..."], + "other_details": { + "items": { + "code_execution": { "has_code_execution": true, "languages": ["Python"] }, + "internet_access": { "has_internet_access": true }, + "system_purpose": { "primary_purpose": "...", "use_cases": ["..."] }, + "user_audience": { "audience_type": "mixed", "features": ["..."] }, + "tool_properties": { "discoveries": ["..."] }, + "architecture": "...", + "available_tools": "...", + "...": "..." + } + } +} +``` --- @@ -219,8 +306,54 @@ airs redteam targets metadata [options] #### Examples -!!! warning "Example needed" - No curated input/output example for this command yet. +*Get scan-target field metadata (base models, breadth/depth ranges, NAT IPs, agent attack goal limit)* + +```bash +airs redteam targets metadata +``` + +```text +Prisma AIRS — AI Red Team +Adversarial scan operations + +{ + "scan_target": { + "base_models": [ + "GPT3.5 turbo", + "GPT 4", + "Mistral 7b", + "Mistral 13b", + "Mixtral", + "Claude 2.1", + "Claude 3 sonnet", + "Claude 3 Opus", + "Claude 3 Haiku", + "Gemini", + "Llama", + "Llama 2", + "Llama 3", + "Phi", + "Falcon", + "Bloom", + "PaLM", + "Others" + ], + "breadth": { "min": 6, "max": 12, "default": 6 }, + "depth": { "min": 3, "max": 16, "default": 10 }, + "attack_tokens": { + "values": [128, 256, 512, 1024, 2048, 4096], + "default": 2048 + }, + "context_size": { "min": 1, "max": 16, "default": 10 } + }, + "nat_ips": [ + "203.0.113.10", + "203.0.113.11", + "203.0.113.12" + ], + "agent_attack_goal_limit": 10 +} +``` --- @@ -244,8 +377,31 @@ airs redteam targets init [options] #### Examples -!!! warning "Example needed" - No curated input/output example for this command yet. +*Scaffold a target config JSON from a provider template (write to default filename)* + +```bash +airs redteam targets init OPENAI +``` + +```text +Prisma AIRS — AI Red Team +Adversarial scan operations + + +Target config scaffolded: + + File: /path/to/cwd/openai-target.json + Provider: OPENAI + +Next steps: Edit the file to fill in name and credentials, then run: + airs redteam targets create --config openai-target.json --validate +``` + +*Scaffold to a custom path* + +```bash +airs redteam targets init BEDROCK --output configs/bedrock.json +``` --- @@ -259,8 +415,75 @@ airs redteam targets templates [options] #### Examples -!!! warning "Example needed" - No curated input/output example for this command yet. +*List provider-specific target templates (truncated — full output covers OPENAI, HUGGING_FACE, DATABRICKS, BEDROCK, REST, STREAMING, WEBSOCKET, MS_COPILOT_STUDIO)* + +```bash +airs redteam targets templates +``` + +```text +Prisma AIRS — AI Red Team +Adversarial scan operations + + +Target Templates: + +OPENAI + { + "id": "OPENAI", + "name": "OpenAI", + "is_custom": false, + "url": "https://api.openai.com/v1/responses", + "request_json": { + "model": "gpt-4.1-mini", + "input": [ + { + "role": "user", + "content": [ + { "type": "input_text", "text": "{INPUT}" } + ] + } + ], + "stream": false, + "temperature": 0.7 + }, + "response_json": { + "id": "resp_xxxxx", + "object": "response", + "model": "gpt-4.1-mini", + "output": [ + { + "type": "message", + "role": "assistant", + "content": [ + { "type": "output_text", "text": "{RESPONSE}" } + ] + } + ] + } + } + +HUGGING_FACE + { ... } + +DATABRICKS + { ... } + +BEDROCK + { ... } + +REST + { ... } + +STREAMING + { ... } + +WEBSOCKET + { ... } + +MS_COPILOT_STUDIO + { ... } +``` --- @@ -282,8 +505,26 @@ airs redteam targets backup [options] #### Examples -!!! warning "Example needed" - No curated input/output example for this command yet. +*Back up a single target by name to a local directory* + +```bash +airs redteam targets backup --output-dir ./backups --name "example-target" +``` + +```text +Prisma AIRS — Backup & Restore + + +Backed up 1 target(s) to ./backups: + + ✓ example-target → example-target.json +``` + +*Back up all targets in YAML format* + +```bash +airs redteam targets backup --output-dir ./backups --format yaml +``` --- @@ -306,5 +547,25 @@ airs redteam targets restore [options] #### Examples -!!! warning "Example needed" - No curated input/output example for this command yet. +*Restore from a directory of backup files (skips targets that already exist by name)* + +```bash +airs redteam targets restore --input-dir ./backups +``` + +```text +Prisma AIRS — Backup & Restore + + +Restore results: + + ○ example-target — skipped + +Total: 1 skipped +``` + +*Restore a single file and overwrite an existing target* + +```bash +airs redteam targets restore --file ./backups/example-target.json --overwrite +```