Corpus scout — scans arXiv for new jailbreak/agent-attack research and opens draft PRs to feed the BlastContain Drill corpus (derive-then-ratify).
Project description
BlastContain Scout
A separate, scheduled agent that scans arXiv for new jailbreak / prompt-injection / LLM-agent-attack research and opens a draft pull request proposing additions to the Drill corpus. It embodies BlastContain's derive-then-ratify tenet: the scout derives candidate attacks; a human ratifies by reviewing the PR. It never auto-touches a security corpus.
How it works
arXiv API ─▶ dedupe (seen-ledger) ─▶ classify ─▶ render ─▶ draft PR
(only new papers) dataset/ digest + (you review
technique/ inert & merge)
intel scaffolds
- Scan — query the arXiv API (no key) for recent
cs.CR/cs.CL/cs.AI/cs.LGpapers matching jailbreak / prompt-injection / agent-attack terms, newest first. - Dedupe — skip anything already in
tools/scout/state/seen-arxiv.json(committed, so the state travels with the repo). - Classify — a local LM Studio model (or a keyword fallback) labels each paper dataset / technique / intel, suggests a Drill category, and flags the license.
- Render — a markdown digest plus, for each dataset/technique paper, an inert
AttackSourcescaffold underdrill/.../corpus/contrib/whoseis_available()returnsFalse(soload_corpusskips it until ratified — the PR is safe to merge). - Draft PR — branch, commit,
gh pr create. You review, verify the license, vendor the data, implementdataset(), flip availability, and register it with anenable_*flag.
Install
# from blastcontain-oss/
pip install -e tools/scout
# or run without installing:
python -m blastcontain_scout --help # (run from the tools/scout/ directory)
Requires git and an authenticated gh CLI for --open-pr. For LLM classification, LM Studio
must be serving a model on :1234.
Usage
# Dry-run preview — no writes, no git (the default; start here):
blastcontain-scout --max 50
# Use a local model for richer classification:
blastcontain-scout --model "qwen/qwen3-30b-a3b-2507"
# Write the digest + scaffolds and commit on a new branch:
blastcontain-scout --model "qwen/qwen3-30b-a3b-2507" --apply
# ...and push + open the draft PR:
blastcontain-scout --model "qwen/qwen3-30b-a3b-2507" --open-pr
| Flag | Meaning |
|---|---|
--max N |
arXiv results to scan (newest first) |
--model ID |
LM Studio model id for classification (omit → keyword heuristic) |
--base-url URL |
OpenAI-compatible endpoint (default http://localhost:1234/v1) |
--threshold 0..1 |
relevance cutoff (default 0.5) |
--apply |
write files + commit on a new branch |
--open-pr |
also push + open the PR via gh (implies --apply) |
Ratifying a proposal (the human half)
A merged scaffold is inert. To turn it into a live source:
- Verify the license permits vendoring (Apache / MIT / BSD — reject Llama-Community, gated datasets, JAILJUDGE-style).
- Vendor the data (pin the commit) or implement
dataset()to load it. - Flip
is_available()to a real check and setrevisionto the dataset version. - Register the source in
corpus/__init__.pybehind anenable_*flag.
Schedule it (Windows Task Scheduler)
Run weekly against your local bench. Save a wrapper run-scout.ps1:
# run-scout.ps1 — assumes LM Studio is serving the model
Set-Location "C:\Users\deudn\blastcontain-oss\tools\scout"
python -m blastcontain_scout --model "qwen/qwen3-30b-a3b-2507" --open-pr *>> "$env:USERPROFILE\scout.log"
Register a weekly task (Mondays 09:00):
schtasks /Create /TN "BlastContain arXiv Scout" /SC WEEKLY /D MON /ST 09:00 `
/TR "powershell -NoProfile -ExecutionPolicy Bypass -File C:\Users\deudn\blastcontain-oss\tools\scout\run-scout.ps1"
The task only ever opens a draft PR — nothing reaches the corpus without your review.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file blastcontain_scout-0.1.0.tar.gz.
File metadata
- Download URL: blastcontain_scout-0.1.0.tar.gz
- Upload date:
- Size: 19.7 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
cfa7691f0f78c8a7ac79f503a16246b749631dad2943a7d410001470c613c91e
|
|
| MD5 |
5c43ec31b399da069af84ea73c458ec7
|
|
| BLAKE2b-256 |
8d79ba1cc6cd8f2f0708344a6ee777bc7ec2fb589f40fcfbc1de9f657aa3d3ab
|
Provenance
The following attestation bundles were made for blastcontain_scout-0.1.0.tar.gz:
Publisher:
release.yml on gdeudney/blastcontain-oss
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
blastcontain_scout-0.1.0.tar.gz -
Subject digest:
cfa7691f0f78c8a7ac79f503a16246b749631dad2943a7d410001470c613c91e - Sigstore transparency entry: 2083840131
- Sigstore integration time:
-
Permalink:
gdeudney/blastcontain-oss@ce70a8e29e93c4a97acbfcc6b3ba8139de102746 -
Branch / Tag:
refs/tags/scout-v0.1.0 - Owner: https://github.com/gdeudney
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
release.yml@ce70a8e29e93c4a97acbfcc6b3ba8139de102746 -
Trigger Event:
push
-
Statement type:
File details
Details for the file blastcontain_scout-0.1.0-py3-none-any.whl.
File metadata
- Download URL: blastcontain_scout-0.1.0-py3-none-any.whl
- Upload date:
- Size: 19.6 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
003e3001f87b3e3ede92260b0eb5b68df02bcb32f425b74fd0bdbddc3872c184
|
|
| MD5 |
8c5b3412a6e39648a50ec573d2b24bd7
|
|
| BLAKE2b-256 |
aa390f7b4efcb8fd75bd6a89bece988074e3471e225e89e52d7078dfbe42ec61
|
Provenance
The following attestation bundles were made for blastcontain_scout-0.1.0-py3-none-any.whl:
Publisher:
release.yml on gdeudney/blastcontain-oss
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
blastcontain_scout-0.1.0-py3-none-any.whl -
Subject digest:
003e3001f87b3e3ede92260b0eb5b68df02bcb32f425b74fd0bdbddc3872c184 - Sigstore transparency entry: 2083840168
- Sigstore integration time:
-
Permalink:
gdeudney/blastcontain-oss@ce70a8e29e93c4a97acbfcc6b3ba8139de102746 -
Branch / Tag:
refs/tags/scout-v0.1.0 - Owner: https://github.com/gdeudney
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
release.yml@ce70a8e29e93c4a97acbfcc6b3ba8139de102746 -
Trigger Event:
push
-
Statement type: