oatf 0.4.0

Rust SDK for the Open Agent Threat Format (OATF)
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274

use oatf::normalize::normalize;
use oatf::parse::parse;
use oatf::serialize::serialize;
use proptest::prelude::*;

/// Strategy for valid mode strings.
fn arb_mode() -> impl Strategy<Value = String> {
    prop_oneof![
        Just("mcp_server".to_string()),
        Just("mcp_client".to_string()),
        Just("a2a_server".to_string()),
        Just("a2a_client".to_string()),
    ]
}

/// Strategy for valid severity levels.
fn arb_severity() -> impl Strategy<Value = String> {
    prop_oneof![
        Just("informational"),
        Just("low"),
        Just("medium"),
        Just("high"),
        Just("critical"),
    ]
    .prop_map(|s| s.to_string())
}

/// Strategy for valid surface names.
fn arb_surface() -> impl Strategy<Value = String> {
    prop_oneof![
        Just("tools/list"),
        Just("tools/call"),
        Just("resources/read"),
        Just("prompts/list"),
        Just("message/send"),
    ]
    .prop_map(|s| s.to_string())
}

/// Build a minimal single-phase (state) form document.
fn build_single_phase_doc(mode: &str, tool_name: &str) -> String {
    format!(
        r#"oatf: "0.1"
attack:
  execution:
    mode: {mode}
    state:
      tools:
        - name: {tool_name}
          description: "A test tool"
          inputSchema:
            type: object"#,
    )
}

/// Build a minimal multi-phase form document.
fn build_multi_phase_doc(mode: &str, tool_name: &str) -> String {
    format!(
        r#"oatf: "0.1"
attack:
  execution:
    mode: {mode}
    phases:
      - name: exploit
        state:
          tools:
            - name: {tool_name}
              description: "A test tool"
              inputSchema:
                type: object
        trigger:
          event: tools/call
      - name: terminal"#,
    )
}

/// Build a minimal multi-actor form document.
fn build_multi_actor_doc(mode: &str, tool_name: &str) -> String {
    format!(
        r#"oatf: "0.1"
attack:
  execution:
    actors:
      - name: default
        mode: {mode}
        phases:
          - name: exploit
            state:
              tools:
                - name: {tool_name}
                  description: "A test tool"
                  inputSchema:
                    type: object
            trigger:
              event: tools/call
          - name: terminal"#,
    )
}

/// Build a document with indicators and severity.
fn build_doc_with_indicators(mode: &str, surface: &str, severity: &str) -> String {
    format!(
        r#"oatf: "0.1"
attack:
  severity: {severity}
  execution:
    mode: {mode}
    phases:
      - name: exploit
        state:
          tools:
            - name: test-tool
              description: "desc"
              inputSchema:
                type: object
        trigger:
          event: tools/call
      - name: terminal
  indicators:
    - surface: {surface}
      target: "tools[*].description"
      pattern:
        contains: malicious"#,
    )
}

/// Compare two documents structurally via their serialized JSON form.
fn docs_equal(a: &oatf::types::Document, b: &oatf::types::Document) -> bool {
    let a_json = serde_json::to_value(a).unwrap();
    let b_json = serde_json::to_value(b).unwrap();
    a_json == b_json
}

proptest! {
    #![proptest_config(ProptestConfig::with_cases(64))]

    // Normalization is idempotent: normalize(normalize(doc)) == normalize(doc)
    #[test]
    fn single_phase_idempotent(
        mode in arb_mode(),
        tool_name in "[a-z]{2,8}",
    ) {
        let yaml = build_single_phase_doc(&mode, &tool_name);
        let doc = parse(&yaml).expect("parse should succeed");
        let n1 = normalize(doc);
        let n2 = normalize(n1.clone());
        prop_assert!(docs_equal(&n1, &n2),
            "normalize not idempotent for single-phase form with mode={}", mode);
    }

    #[test]
    fn multi_phase_idempotent(
        mode in arb_mode(),
        tool_name in "[a-z]{2,8}",
    ) {
        let yaml = build_multi_phase_doc(&mode, &tool_name);
        let doc = parse(&yaml).expect("parse should succeed");
        let n1 = normalize(doc);
        let n2 = normalize(n1.clone());
        prop_assert!(docs_equal(&n1, &n2),
            "normalize not idempotent for multi-phase form with mode={}", mode);
    }

    #[test]
    fn multi_actor_idempotent(
        mode in arb_mode(),
        tool_name in "[a-z]{2,8}",
    ) {
        let yaml = build_multi_actor_doc(&mode, &tool_name);
        let doc = parse(&yaml).expect("parse should succeed");
        let n1 = normalize(doc);
        let n2 = normalize(n1.clone());
        prop_assert!(docs_equal(&n1, &n2),
            "normalize not idempotent for multi-actor form with mode={}", mode);
    }

    // After normalization, single-phase/multi-phase forms are converted to actors form
    #[test]
    fn single_phase_becomes_actors(
        mode in arb_mode(),
        tool_name in "[a-z]{2,8}",
    ) {
        let yaml = build_single_phase_doc(&mode, &tool_name);
        let doc = parse(&yaml).expect("parse should succeed");
        let normalized = normalize(doc);
        prop_assert!(normalized.attack.execution.actors.is_some(),
            "single-phase should normalize to actors form");
        prop_assert!(normalized.attack.execution.state.is_none(),
            "single-phase state should be cleared after normalization");
    }

    #[test]
    fn multi_phase_becomes_actors(
        mode in arb_mode(),
        tool_name in "[a-z]{2,8}",
    ) {
        let yaml = build_multi_phase_doc(&mode, &tool_name);
        let doc = parse(&yaml).expect("parse should succeed");
        let normalized = normalize(doc);
        prop_assert!(normalized.attack.execution.actors.is_some(),
            "multi-phase should normalize to actors form");
        prop_assert!(normalized.attack.execution.phases.is_none(),
            "multi-phase phases should be cleared after normalization");
    }

    // N-001 defaults are applied
    #[test]
    fn defaults_applied(
        mode in arb_mode(),
        tool_name in "[a-z]{2,8}",
    ) {
        let yaml = build_multi_phase_doc(&mode, &tool_name);
        let doc = parse(&yaml).expect("parse should succeed");
        let normalized = normalize(doc);
        prop_assert_eq!(normalized.attack.name.as_deref(), Some("Untitled"));
        prop_assert_eq!(normalized.attack.version, Some(1));
        prop_assert_eq!(normalized.attack.status, Some(oatf::enums::Status::Draft));
    }

    // N-002 severity scalar → object expansion
    #[test]
    fn severity_expanded(
        mode in arb_mode(),
        severity in arb_severity(),
        surface in arb_surface(),
    ) {
        let yaml = build_doc_with_indicators(&mode, &surface, &severity);
        let doc = parse(&yaml).expect("parse should succeed");
        let normalized = normalize(doc);
        if let Some(ref sev) = normalized.attack.severity {
            match sev {
                oatf::types::Severity::Object { confidence, .. } => {
                    prop_assert_eq!(*confidence, Some(50),
                        "severity.confidence should default to 50");
                }
                oatf::types::Severity::Scalar(_) => {
                    prop_assert!(false, "severity should be expanded to object form");
                }
            }
        }
    }

    // N-003 indicator IDs auto-generated
    #[test]
    fn indicator_ids_generated(
        mode in arb_mode(),
        surface in arb_surface(),
        severity in arb_severity(),
    ) {
        let yaml = build_doc_with_indicators(&mode, &surface, &severity);
        let doc = parse(&yaml).expect("parse should succeed");
        let normalized = normalize(doc);
        if let Some(indicators) = &normalized.attack.indicators {
            for ind in indicators {
                prop_assert!(ind.id.is_some(), "indicator should have auto-generated id");
            }
        }
    }

    // Serialized normalized doc can be re-parsed
    #[test]
    fn normalized_is_reparseable(
        mode in arb_mode(),
        tool_name in "[a-z]{2,8}",
    ) {
        let yaml = build_multi_phase_doc(&mode, &tool_name);
        let doc = parse(&yaml).expect("parse should succeed");
        let normalized = normalize(doc);
        let serialized = serialize(&normalized).expect("serialize should succeed");
        let reparsed = parse(&serialized);
        prop_assert!(reparsed.is_ok(),
            "re-parsing normalized document failed: {:?}", reparsed.err());
    }
}