FEAT: add WebSocket-based prompt target for Microsoft Copilot

.gitignore

@@ -172,6 +172,7 @@ cython_debug/
 
 # PyRIT secrets file
 .env
+.pyrit_cache/
 
 # Cache for generating docs
 doc/generate_docs/cache/*

doc/_toc.yml

@@ -82,6 +82,7 @@ chapters:
       - file: code/targets/playwright_target_copilot
       - file: code/targets/prompt_shield_target
       - file: code/targets/use_huggingface_chat_target
+      - file: code/targets/websocket_copilot_target
       - file: code/targets/realtime_target
     - file: code/converters/0_converters
       sections:

doc/api.rst

@@ -30,6 +30,7 @@ API Reference
     Authenticator
     AzureAuth
     AzureStorageAuth
+    CopilotAuthenticator
 
 :py:mod:`pyrit.auxiliary_attacks`
 =================================
@@ -515,6 +516,7 @@ API Reference
     PromptTarget
     RealtimeTarget
     TextTarget
+    WebSocketCopilotTarget
 
 :py:mod:`pyrit.score`
 =====================

doc/code/targets/websocket_copilot_target.ipynb

@@ -0,0 +1,217 @@
+{
+ "cells": [
+  {
+   "cell_type": "markdown",
+   "id": "0",
+   "metadata": {},
+   "source": [
+    "# WebSocket Copilot Target\n",
+    "\n",
+    "The `WebSocketCopilotTarget` is an alternative to the `PlaywrightCopilotTarget` that is designed to be more reliable by minimizing dependence on browser automation. Instead of driving the Copilot UI, it communicates directly with Copilot over a WebSocket connection, using Playwright only for authentication.\n",
+    "\n",
+    "Before using this target, ensure you have:\n",
+    "\n",
+    "1. A licensed Microsoft 365 Copilot account (the free version is not supported)\n",
+    "2. Playwright installed: `pip install playwright && playwright install chromium`\n",
+    "3. Set the following environment variables:\n",
+    "   - `COPILOT_USERNAME`: Your Microsoft account username/email\n",
+    "   - `COPILOT_PASSWORD`: Your Microsoft account password\n",
+    "\n",
+    "Note:\n",
+    "The `WebSocketCopilotTarget` uses `CopilotAuthenticator` under the hood, which launches a headless browser once to obtain authentication tokens. These tokens are then cached for subsequent requests and refreshed as needed."
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "id": "1",
+   "metadata": {},
+   "source": [
+    "## Basic Usage with `PromptSendingAttack`\n",
+    "\n",
+    "The simplest way to interact with the `WebSocketCopilotTarget` is through the `PromptSendingAttack` class."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "id": "2",
+   "metadata": {},
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "\n",
+      "\u001b[34m────────────────────────────────────────────────────────────────────────────────────────────────────\u001b[0m\n",
+      "\u001b[1m\u001b[34m🔹 Turn 1 - USER\u001b[0m\n",
+      "\u001b[34m────────────────────────────────────────────────────────────────────────────────────────────────────\u001b[0m\n",
+      "\u001b[34m  Tell me a joke about AI\u001b[0m\n",
+      "\n",
+      "\u001b[33m────────────────────────────────────────────────────────────────────────────────────────────────────\u001b[0m\n",
+      "\u001b[1m\u001b[33m🔸 ASSISTANT\u001b[0m\n",
+      "\u001b[33m────────────────────────────────────────────────────────────────────────────────────────────────────\u001b[0m\n",
+      "\u001b[33m  Here’s a lighthearted one for you:\u001b[0m\n",
+      "\u001b[33m  \u001b[0m\n",
+      "\u001b[33m    **Why did the AI go broke?**\u001b[0m\n",
+      "\u001b[33m    Because it kept working for *exposure*!\u001b[0m\n",
+      "\u001b[33m  \u001b[0m\n",
+      "\u001b[33m    😄 Want me to share a few more AI-themed jokes, or maybe something geeky and tech-related?\u001b[0m\n",
+      "\n",
+      "\u001b[34m────────────────────────────────────────────────────────────────────────────────────────────────────\u001b[0m\n"
+     ]
+    }
+   ],
+   "source": [
+    "from pyrit.executor.attack import ConsoleAttackResultPrinter, PromptSendingAttack\n",
+    "from pyrit.prompt_target import WebSocketCopilotTarget\n",
+    "from pyrit.setup import IN_MEMORY, initialize_pyrit_async\n",
+    "\n",
+    "await initialize_pyrit_async(memory_db_type=IN_MEMORY)\n",
+    "\n",
+    "target = WebSocketCopilotTarget()\n",
+    "attack = PromptSendingAttack(objective_target=target)\n",
+    "\n",
+    "objective = \"Tell me a joke about AI\"\n",
+    "\n",
+    "result = await attack.execute_async(objective=objective)\n",
+    "await ConsoleAttackResultPrinter().print_conversation_async(result=result)"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "id": "3",
+   "metadata": {},
+   "source": [
+    "## Multi-Turn Conversations\n",
+    "\n",
+    "The `WebSocketCopilotTarget` supports multi-turn conversations by leveraging Copilot's server-side conversation management. It automatically generates consistent `session_id` and `conversation_id` values for each PyRIT conversation, enabling Copilot to maintain context across multiple turns.\n",
+    "\n",
+    "However, this target does not support setting a system prompt nor modifying conversation history. As a result, it cannot be used with attack strategies that require altering prior messages (such as PAIR, TAP, or flip attack) or in contexts where a `PromptChatTarget` is required.\n",
+    "\n",
+    "Here is a simple multi-turn conversation example:"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "id": "4",
+   "metadata": {},
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "\n",
+      "\u001b[34m────────────────────────────────────────────────────────────────────────────────────────────────────\u001b[0m\n",
+      "\u001b[1m\u001b[34m🔹 Turn 1 - USER\u001b[0m\n",
+      "\u001b[34m────────────────────────────────────────────────────────────────────────────────────────────────────\u001b[0m\n",
+      "\u001b[34m  I'm thinking of a number between 1 and 10.\u001b[0m\n",
+      "\n",
+      "\u001b[33m────────────────────────────────────────────────────────────────────────────────────────────────────\u001b[0m\n",
+      "\u001b[1m\u001b[33m🔸 ASSISTANT\u001b[0m\n",
+      "\u001b[33m────────────────────────────────────────────────────────────────────────────────────────────────────\u001b[0m\n",
+      "\u001b[33m  Okay, I’m ready to guess! Is your number **7**?\u001b[0m\n",
+      "\u001b[33m  \u001b[0m\n",
+      "\u001b[33m    Or do you want me to try and figure it out with some clues?\u001b[0m\n",
+      "\n",
+      "\u001b[34m────────────────────────────────────────────────────────────────────────────────────────────────────\u001b[0m\n",
+      "\u001b[1m\u001b[34m🔹 Turn 2 - USER\u001b[0m\n",
+      "\u001b[34m────────────────────────────────────────────────────────────────────────────────────────────────────\u001b[0m\n",
+      "\u001b[34m  It's greater than 5.\u001b[0m\n",
+      "\n",
+      "\u001b[33m────────────────────────────────────────────────────────────────────────────────────────────────────\u001b[0m\n",
+      "\u001b[1m\u001b[33m🔸 ASSISTANT\u001b[0m\n",
+      "\u001b[33m────────────────────────────────────────────────────────────────────────────────────────────────────\u001b[0m\n",
+      "\u001b[33m  Nice clue! So the number is **greater than 5**. That means it could be **6, 7, 8, 9, or 10**.\u001b[0m\n",
+      "\u001b[33m  \u001b[0m\n",
+      "\u001b[33m    My next guess: **8**.\u001b[0m\n",
+      "\u001b[33m    Am I getting warmer?\u001b[0m\n",
+      "\n",
+      "\u001b[34m────────────────────────────────────────────────────────────────────────────────────────────────────\u001b[0m\n",
+      "\u001b[1m\u001b[34m🔹 Turn 3 - USER\u001b[0m\n",
+      "\u001b[34m────────────────────────────────────────────────────────────────────────────────────────────────────\u001b[0m\n",
+      "\u001b[34m  It's an even number.\u001b[0m\n",
+      "\n",
+      "\u001b[33m────────────────────────────────────────────────────────────────────────────────────────────────────\u001b[0m\n",
+      "\u001b[1m\u001b[33m🔸 ASSISTANT\u001b[0m\n",
+      "\u001b[33m────────────────────────────────────────────────────────────────────────────────────────────────────\u001b[0m\n",
+      "\u001b[33m  Great clue! So now the possibilities are **6, 8, or 10**.\u001b[0m\n",
+      "\u001b[33m  \u001b[0m\n",
+      "\u001b[33m    My next guess: **10**.\u001b[0m\n",
+      "\u001b[33m    Did I nail it? Or should I keep guessing?\u001b[0m\n",
+      "\n",
+      "\u001b[34m────────────────────────────────────────────────────────────────────────────────────────────────────\u001b[0m\n",
+      "\u001b[1m\u001b[34m🔹 Turn 4 - USER\u001b[0m\n",
+      "\u001b[34m────────────────────────────────────────────────────────────────────────────────────────────────────\u001b[0m\n",
+      "\u001b[34m  What number am I thinking of?\u001b[0m\n",
+      "\n",
+      "\u001b[33m────────────────────────────────────────────────────────────────────────────────────────────────────\u001b[0m\n",
+      "\u001b[1m\u001b[33m🔸 ASSISTANT\u001b[0m\n",
+      "\u001b[33m────────────────────────────────────────────────────────────────────────────────────────────────────\u001b[0m\n",
+      "\u001b[33m  Based on your clues:\u001b[0m\n",
+      "\u001b[33m  \u001b[0m\n",
+      "\u001b[33m    - It’s **greater than 5**.\u001b[0m\n",
+      "\u001b[33m    - It’s an **even number**.\u001b[0m\n",
+      "\u001b[33m  \u001b[0m\n",
+      "\u001b[33m    The possible options were **6, 8, 10**, and my last guess was **10**.\u001b[0m\n",
+      "\u001b[33m    So I think the number you’re thinking of is **10**! 🎯\u001b[0m\n",
+      "\u001b[33m  \u001b[0m\n",
+      "\u001b[33m    Did I get it right? Or was it one of the others?\u001b[0m\n",
+      "\n",
+      "\u001b[34m────────────────────────────────────────────────────────────────────────────────────────────────────\u001b[0m\n"
+     ]
+    }
+   ],
+   "source": [
+    "from pyrit.executor.attack import MultiPromptSendingAttack\n",
+    "from pyrit.models import Message\n",
+    "\n",
+    "prompts = [\n",
+    "    \"I'm thinking of a number between 1 and 10.\",\n",
+    "    \"It's greater than 5.\",\n",
+    "    \"It's an even number.\",\n",
+    "    \"What number am I thinking of?\",\n",
+    "]\n",
+    "\n",
+    "messages = [Message.from_prompt(prompt=p, role=\"user\") for p in prompts]\n",
+    "multi_turn_attack = MultiPromptSendingAttack(objective_target=target)\n",
+    "\n",
+    "result = await multi_turn_attack.execute_async(\n",
+    "    objective=\"Engage in a multi-turn conversation about a number guessing game\",\n",
+    "    messages=messages,\n",
+    ")\n",
+    "\n",
+    "await ConsoleAttackResultPrinter().print_conversation_async(result=result)"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "id": "5",
+   "metadata": {},
+   "outputs": [],
+   "source": [
+    "from pyrit.memory import CentralMemory\n",
+    "\n",
+    "memory = CentralMemory.get_memory_instance()\n",
+    "memory.dispose_engine()"
+   ]
+  }
+ ],
+ "metadata": {
+  "language_info": {
+   "codemirror_mode": {
+    "name": "ipython",
+    "version": 3
+   },
+   "file_extension": ".py",
+   "mimetype": "text/x-python",
+   "name": "python",
+   "nbconvert_exporter": "python",
+   "pygments_lexer": "ipython3",
+   "version": "3.10.18"
+  }
+ },
+ "nbformat": 4,
+ "nbformat_minor": 5
+}

doc/code/targets/websocket_copilot_target.py

@@ -0,0 +1,86 @@
+# ---
+# jupyter:
+#   jupytext:
+#     text_representation:
+#       extension: .py
+#       format_name: percent
+#       format_version: '1.3'
+#       jupytext_version: 1.18.1
+#   kernelspec:
+#     display_name: pyrit-dev
+#     language: python
+#     name: python3
+# ---
+
+# %% [markdown]
+# # WebSocket Copilot Target
+#
+# The `WebSocketCopilotTarget` is an alternative to the `PlaywrightCopilotTarget` that is designed to be more reliable by minimizing dependence on browser automation. Instead of driving the Copilot UI, it communicates directly with Copilot over a WebSocket connection, using Playwright only for authentication.
+#
+# Before using this target, ensure you have:
+#
+# 1. A licensed Microsoft 365 Copilot account (the free version is not supported)
+# 2. Playwright installed: `pip install playwright && playwright install chromium`
+# 3. Set the following environment variables:
+#    - `COPILOT_USERNAME`: Your Microsoft account username/email
+#    - `COPILOT_PASSWORD`: Your Microsoft account password
+#
+# Note:
+# The `WebSocketCopilotTarget` uses `CopilotAuthenticator` under the hood, which launches a headless browser once to obtain authentication tokens. These tokens are then cached for subsequent requests and refreshed as needed.
+
+# %% [markdown]
+# ## Basic Usage with `PromptSendingAttack`
+#
+# The simplest way to interact with the `WebSocketCopilotTarget` is through the `PromptSendingAttack` class.
+
+# %%
+# type: ignore
+from pyrit.executor.attack import ConsoleAttackResultPrinter, PromptSendingAttack
+from pyrit.prompt_target import WebSocketCopilotTarget
+from pyrit.setup import IN_MEMORY, initialize_pyrit_async
+
+await initialize_pyrit_async(memory_db_type=IN_MEMORY)
+
+target = WebSocketCopilotTarget()
+attack = PromptSendingAttack(objective_target=target)
+
+objective = "Tell me a joke about AI"
+
+result = await attack.execute_async(objective=objective)
+await ConsoleAttackResultPrinter().print_conversation_async(result=result)
+
+# %% [markdown]
+# ## Multi-Turn Conversations
+#
+# The `WebSocketCopilotTarget` supports multi-turn conversations by leveraging Copilot's server-side conversation management. It automatically generates consistent `session_id` and `conversation_id` values for each PyRIT conversation, enabling Copilot to maintain context across multiple turns.
+#
+# However, this target does not support setting a system prompt nor modifying conversation history. As a result, it cannot be used with attack strategies that require altering prior messages (such as PAIR, TAP, or flip attack) or in contexts where a `PromptChatTarget` is required.
+#
+# Here is a simple multi-turn conversation example:
+
+# %%
+from pyrit.executor.attack import MultiPromptSendingAttack
+from pyrit.models import Message
+
+prompts = [
+    "I'm thinking of a number between 1 and 10.",
+    "It's greater than 5.",
+    "It's an even number.",
+    "What number am I thinking of?",
+]
+
+messages = [Message.from_prompt(prompt=p, role="user") for p in prompts]
+multi_turn_attack = MultiPromptSendingAttack(objective_target=target)
+
+result = await multi_turn_attack.execute_async(
+    objective="Engage in a multi-turn conversation about a number guessing game",
+    messages=messages,
+)
+
+await ConsoleAttackResultPrinter().print_conversation_async(result=result)
+
+# %%
+from pyrit.memory import CentralMemory
+
+memory = CentralMemory.get_memory_instance()
+memory.dispose_engine()

pyrit/auth/__init__.py

@@ -15,11 +15,13 @@
     get_default_azure_scope,
 )
 from pyrit.auth.azure_storage_auth import AzureStorageAuth
+from pyrit.auth.copilot_authenticator import CopilotAuthenticator
 
 __all__ = [
     "Authenticator",
     "AzureAuth",
     "AzureStorageAuth",
+    "CopilotAuthenticator",
     "TokenProviderCredential",
     "get_azure_token_provider",
     "get_azure_async_token_provider",