Merge pull request #135 from SAP/develop

Release v0.6.1

Author: marcorosa

.github/workflows/be-installation-test.yml

@@ -31,11 +31,11 @@ jobs:
           token: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Install uv
-        uses: astral-sh/setup-uv@v6
+        uses: astral-sh/setup-uv@v7
         with:
           version: "latest"
           enable-cache: true
-          prune-cache: false
+          prune-cache: true
 
       - name: Install dependencies
         run: uv sync --locked --all-extras --dev --project backend-agent

.github/workflows/docker.yml

@@ -217,6 +217,13 @@ jobs:
         with:
           version: 'latest'
 
+      - name: Set up kubelogin
+        uses: azure/use-kubelogin@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          kubelogin-version: 'latest'
+
       - name: Configure kubectl for SAP BTP Kyma
         run: |
           mkdir -p ~/.kube
@@ -241,6 +248,13 @@ jobs:
         with:
           version: 'latest'
 
+      - name: Set up kubelogin
+        uses: azure/use-kubelogin@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          kubelogin-version: 'latest'
+
       - name: Configure kubectl for SAP BTP Kyma
         run: |
           mkdir -p ~/.kube

CHANGELOG.md

@@ -1,3 +1,19 @@
+# Version: v0.6.1
+
+* [#112](https://github.com/SAP/STARS/pull/112): Bump sentence-transformers from 5.1.0 to 5.1.1 in /backend-agent
+* [#118](https://github.com/SAP/STARS/pull/118): Bump pandas from 2.3.2 to 2.3.3 in /backend-agent
+* [#119](https://github.com/SAP/STARS/pull/119): Bump tensorflow from 2.19.1 to 2.20.0 in /backend-agent
+* [#120](https://github.com/SAP/STARS/pull/120): Bump sentence-transformers from 5.1.0 to 5.1.1 in /backend-agent
+* [#121](https://github.com/SAP/STARS/pull/121): Bump langchain-community from 0.3.29 to 0.3.30 in /backend-agent
+* [#123](https://github.com/SAP/STARS/pull/123): [chore] Optimize k8s steps in GHA
+* [#124](https://github.com/SAP/STARS/pull/124): Update models with note 26-09-25
+* [#130](https://github.com/SAP/STARS/pull/130): Bump astral-sh/setup-uv from 6 to 7
+* [#131](https://github.com/SAP/STARS/pull/131): Bump langchain-core from 0.3.76 to 0.3.79 in /backend-agent
+* [#132](https://github.com/SAP/STARS/pull/132): Bump langchain-community from 0.3.30 to 0.3.31 in /backend-agent
+* [#133](https://github.com/SAP/STARS/pull/133): Bump sap-ai-sdk-gen[all] from 5.6.3 to 5.7.5 in /backend-agent
+* [#134](https://github.com/SAP/STARS/pull/134): Bump the js-dependencies group across 1 directory with 24 updates
+
+
 # Version: v0.6.0
 
 * [#93](https://github.com/SAP/STARS/pull/93): Add 2 PyRIT orchestrators ((Crescendo, PAIR)) and re-strucutre PyRIT code.

backend-agent/Dockerfile

@@ -1,15 +1,19 @@
 FROM astral/uv:python3.11-trixie-slim AS builder
 
-# Install build dependencies including Rust for packages that need it
-RUN apt-get update && apt-get install -y \
+# Install build dependencies with minimal footprint
+RUN apt-get update && apt-get install -y --no-install-recommends \
     build-essential \
     git \
     curl \
     pkg-config \
     libssl-dev \
-    && curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y \
+    && rm -rf /var/lib/apt/lists/* \
+    && apt-get autoremove -y
+
+# Install Rust with minimal profile and immediate cleanup
+RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --profile minimal \
     && . ~/.cargo/env \
-    && rm -rf /var/lib/apt/lists/*
+    && rustup component add rustfmt
 
 # Add Rust to PATH
 ENV PATH="/root/.cargo/bin:${PATH}"
@@ -23,24 +27,50 @@ COPY pyproject.toml uv.lock ./
 ENV UV_EXTRA_INDEX_URL="https://download.pytorch.org/whl/cpu"
 ENV TORCH_INDEX_URL="https://download.pytorch.org/whl/cpu"
 
-# Install dependencies using uv with proper build environment
+# Install dependencies with aggressive progressive cleanup
 RUN . ~/.cargo/env && \
-    uv sync --frozen --no-dev --no-cache && \
-    # Clean up any temporary files to reduce layer size
-    rm -rf /root/.cache/uv /tmp/* /var/tmp/* && \
-    # Remove Rust toolchain after build to reduce image size
-    rustup self uninstall -y
+    # Install dependencies with bytecode compilation for better performance
+    uv sync --frozen --no-dev --no-cache --compile-bytecode && \
+    # Immediate cleanup of build artifacts during installation
+    find /app/.venv -type d -name "__pycache__" -exec rm -rf {} + 2>/dev/null || true && \
+    find /app/.venv -name "*.pyc" -delete 2>/dev/null || true && \
+    find /app/.venv -name "*.pyo" -delete 2>/dev/null || true && \
+    # Remove test files and documentation from packages (keeping runtime libs)
+    find /app/.venv -type d -name "tests" -exec rm -rf {} + 2>/dev/null || true && \
+    find /app/.venv -type d -name "test" -exec rm -rf {} + 2>/dev/null || true && \
+    find /app/.venv -type d -name "docs" -exec rm -rf {} + 2>/dev/null || true && \
+    # Strip debug symbols from shared libraries to reduce size
+    find /app/.venv -name "*.so" -exec strip {} + 2>/dev/null || true && \
+    # Aggressive cache and temporary file cleanup
+    rm -rf /root/.cache/uv \
+           /root/.cache/pip \
+           /root/.cache/* \
+           /tmp/* \
+           /var/tmp/* \
+           /root/.cargo/registry \
+           /root/.cargo/git \
+           /app/.venv/share \
+           && \
+    # Remove Rust toolchain completely after build
+    rustup self uninstall -y && \
+    # Final build tools cleanup to free space
+    apt-get autoremove -y build-essential git curl pkg-config && \
+    apt-get autoclean
 
 # ----------------------------------------
 
 FROM python:3.11-slim-trixie AS runtime
 
-# Install only runtime dependencies
-RUN apt-get update && apt-get install -y \
+# Install minimal runtime dependencies
+RUN apt-get update && apt-get install -y --no-install-recommends \
     libssl3 \
     libffi8 \
+    # Add required libraries for ML packages
+    libgomp1 \
+    libglib2.0-0 \
     && rm -rf /var/lib/apt/lists/* \
-    && apt-get clean
+    && apt-get autoremove -y \
+    && apt-get autoclean
 
 WORKDIR /app
 
@@ -50,7 +80,7 @@ COPY --from=builder /app/.venv /app/.venv
 # Copy dependency files
 COPY pyproject.toml uv.lock ./
 
-# Copy the rest of the application
+# Copy the application
 COPY . .
 
 # Make sure we use the virtual environment

backend-agent/data/all/default.json

@@ -68,6 +68,7 @@
     {
       "attack": "gptfuzz",
       "target-model": "<target>",
+      "attack-model": "gpt-4o-mini",
       "parameters": {
         "max_query_count": 300
       }

backend-agent/llm.py

@@ -30,6 +30,7 @@
     'aicore-mistralai':
     [
         'mistralai--mistral-large-instruct',
+        'mistralai--mistral-medium-instruct',
         'mistralai--mistral-small-instruct',
     ],
     'aicore-opensource':
@@ -43,7 +44,6 @@
         'amazon--nova-pro',
         'amazon--nova-premier',
         'anthropic--claude-3-haiku',
-        'anthropic--claude-3-sonnet',
         'anthropic--claude-3-opus',
         'anthropic--claude-3.5-sonnet',
         'anthropic--claude-3.7-sonnet',

backend-agent/pyproject.toml

@@ -1,6 +1,6 @@
 [project]
 name = 'stars'
-version = '0.6.0'
+version = '0.6.1'
 description = 'Smart Threat AI Reporting Scanner (STARS)'
 readme = 'README.md'
 license = {text = 'Apache-2.0'}
@@ -13,7 +13,7 @@ maintainers = [
 ]
 requires-python = '>=3.10,<3.13'
 dependencies = [
-    'sap-ai-sdk-gen[all]==5.6.3',
+    'sap-ai-sdk-gen[all]==5.7.5',
     'python-dotenv==1.1.1',
     'faiss-cpu==1.12.0',
     'Flask==3.1.2',
@@ -28,20 +28,20 @@ dependencies = [
     'requests==2.32.5',
     'unstructured==0.18.15',
     'art==6.5',
-    'pandas==2.3.2',
+    'pandas==2.3.3',
     'ollama==0.6.0',
     'weasyprint==66.0',
     'pyrit==0.9.0',
     'codeattack @ git+https://github.com/marcorosa/CodeAttack',
     'gptfuzzer @ git+https://github.com/marcorosa/GPTFuzz@no-vllm',
     'garak==0.11.0',
-    'sentence-transformers==5.1.0',
+    'sentence-transformers==5.1.1',
 ]
 
 [project.optional-dependencies]
 nlp = [
     'textattack==0.3.10',
-    'tensorflow==2.19.1',
+    'tensorflow==2.20.0',
     'tensorflow-hub==0.16.1',
 ]
 

backend-agent/status.py

@@ -178,7 +178,9 @@ def trace_llm(self,
             'prompt': prompt,
             'response': response.to_dict()
         }
-        self.trace['llm_messages'].append(message)
+        # Only trace if there's an active trace context
+        if hasattr(self, 'trace') and self.trace:
+            self.trace['llm_messages'].append(message)
 
     def finish_trace(self, completed: bool, output: str):
         """