Red Team testing for functional correctness of RAG systems under attack conditions.
Project description
VexRAG
A toolkit for assessing the functional correctness of retrieval-augmented generation (RAG) systems under attack conditions.
Sample RAG stacks for getting started: RAG examples.
Quickstart
1) Install
pip install vexrag
For vector DB-specific extras:
pip install "vexrag[qdrant]"
pip install "vexrag[chroma]"
pip install "vexrag[faiss]"
2) Verify installation
vx --help
3) Run a scan from config
vx scan --config path/to/scan.yml
Use sample configs from RAG examples/ as a starting point.
4) Quick end-to-end check with local example
From RAG examples/small/rag_01_in_memory_en:
python small_rag.py
vx scan --config scan_configs_examples/vexrag-chain-hijack-then-poisoned-semantic-ollama-nomic.yaml
The target API must be running on http://localhost:8080 before vx scan.
Project roadmap
Canonical checklist: notes/TODO.md.
Done
- Small RAG (in-memory)
- PoisonedRAG target scan pipeline with core target, scan, and evaluation contracts
- PoisonedRAG CLI scan flow wired from YAML config with multi-context poisoning runs
- Core package facade exports clarified for shared APIs
- StackOverflow XML/TSV to Qdrant ingestion scripts for large dataset indexing
- PoisonedRAG generation improvements: poisoning styles, corpusN payloads, and query-prefixed adversarial outputs
- Automatic attack case generation and consolidated example scan configs
- HijackRAG attack support with CLI
generate-cases - vLLM target/provider support for scan execution
- Core modularization for config/retrieval/runtime
In Progress
- PoisonedRAG hardening: broaden scenario coverage, stabilize metrics, and add end-to-end validation runs
- Medium RAG examples stabilization across vector DB backends and multi-attack eval flow
Next
- Finalize full end-to-end runnable demo for the huge StackOverflow + Qdrant pipeline
- Promote selected
wipmilestones to stable feature/documented workflow status
Ideas / Backlog
- Red-team testing methods for API-interacting RAG services (local RAG targets)
- Red-team testing methods for the VexRAG CLI (local RAG targets)
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file vexrag-0.1.1.tar.gz.
File metadata
- Download URL: vexrag-0.1.1.tar.gz
- Upload date:
- Size: 131.2 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.2
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
383ead53072bf4ba559f4ee1ffb2e35107d92f680b4655fbc07f33ffce10b090
|
|
| MD5 |
bd6a10d236f7b14033746d38ad48dc25
|
|
| BLAKE2b-256 |
7bc865309ee3dc81fb0bf7d9bd5952f8326c5bc04a75fa2233277ba343210b89
|
File details
Details for the file vexrag-0.1.1-py3-none-any.whl.
File metadata
- Download URL: vexrag-0.1.1-py3-none-any.whl
- Upload date:
- Size: 149.8 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.2
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
1740789f3e0fdb41bbaf342287ac19109cfe3cd35c12236c5bd3fef586f83da4
|
|
| MD5 |
7d243cd5f5cf0ef46e66c21d175eb806
|
|
| BLAKE2b-256 |
1208dc41f684599fcc171eb80a56442a672745837cc43d38f6b95ece0d3ea04c
|
