Glossary
Terms used throughout the RAMPART documentation.
- Adapter
- An implementation of `AgentAdapter`. Connects your agent to RAMPART by creating sessions and declaring capabilities.
- Attack
- A test that checks whether your agent can be manipulated into unsafe behavior. When the evaluator detects the attack objective, the result is UNSAFE. See Attacks.
- BaseExecution
- Abstract base class for all execution strategies. Owns the lifecycle: event dispatch, timing, infrastructure error handling. See `BaseExecution`.
- Converter
- An implementation of `PayloadConverter`. Transforms payload content or format before injection.
- Driver
- An implementation of `PromptDriver`. Generates prompts to send to the agent during execution. See Drivers.
- EvalContext
- The data passed to an evaluator. Contains all turns plus the agent manifest. See `EvalContext`.
- EvalOutcome
- What an evaluator determined: `DETECTED`, `NOT_DETECTED`, or `UNDETERMINED`. See `EvalOutcome`.
- Evaluator
- Detects a condition in agent behavior. Polarity-free — answers "did X happen?" See Evaluators.
- Execution
- A configured test strategy ready to run. Created by `Attacks` or `Probes` factory methods. Call `execute_async(adapter=...)` to produce a `Result`.
- HarmCategory
- Classification of the safety concern being tested. A `StrEnum` that accepts custom strings. See `HarmCategory`.
- InjectionHandle
- A prepared injection returned by `surface.inject()`. Activate as an async context manager to write the payload; exit to remove it. See `InjectionHandle`.
- Inline XPIA
- An XPIA attack where the payload travels as a chat attachment rather than being pre-positioned in an external data source.
- LLMConfig
- Immutable configuration for an LLM endpoint. See `LLMConfig`.
- Manifest
- An `AppManifest` describing your agent's tools, data sources, and capabilities.
- ObservabilityLevel
- What your adapter can reliably observe. Affects verdict reliability. See `ObservabilityLevel`.
- Payload
- Content to inject into a surface or send as a chat attachment. See `Payload`.
- Persona
- A named LLM identity used for payload generation or LLM-driven conversation. See `Persona`.
- Probe
- A test that checks whether your agent exhibits desired behavior. When the evaluator detects the expected behavior, the result is SAFE. See Probes.
- PyRIT
- Python Risk Identification Tool. The upstream library RAMPART builds on. See PyRIT Integration.
- RAMPART
- Risk Assessment & Measurement Platform for Agentic Red Teaming.
- ReportSink
- A destination for test run reports. See `ReportSink`.
- Result
- The outcome of a safety test. `bool(result)` returns `result.safe`. See `Result`.
- SafetyStatus
- Categorical verdict: `SAFE`, `UNSAFE`, `UNDETERMINED`, or `ERROR`. See `SafetyStatus`.
- Session
- An implementation of `Session`. A bounded unit of interaction with the agent.
- Surface
- An implementation of `Surface`. Represents an injectable data source. See Surfaces.
- Trial
- A repeated execution of a test for statistical confidence, configured via `@pytest.mark.trial(n=...)`. See pytest Markers & Fixtures.
- Turn
- One prompt-response exchange. Immutable. See `Turn`.
- XPIA
- Cross-Prompt Injection Attack. Plants malicious content in a data source the agent reads, then triggers the agent to process it. See XPIA.