AegisLM Red Team API
Production-ready SaaS backend for AI red team evaluations and security assessments.
🚀 Overview
This backend system converts the existing AI red team pipeline into a scalable, API-driven SaaS platform with:
- Authentication System: JWT-based user auth with signup/login
- API Key Management: Secure API key generation and validation
- Evaluation API: Async AI evaluation processing with Celery
- Results API: Comprehensive result storage and analysis
- Benchmark API: Multi-model comparison and leaderboard
- Production Features: Rate limiting, security headers, monitoring
🏗️ Architecture
backend/
├── api/
│ ├── routes/ # API endpoints
│ └── dependencies/ # Dependency injection
├── core/ # Core configuration
├── models/ # Database models
├── schemas/ # Pydantic schemas
├── services/ # Business logic layer
├── workers/ # Celery workers
├── tasks/ # Background tasks
├── middleware/ # Custom middleware
├── main.py # FastAPI application
└── requirements.txt # Dependencies
🛠️ Tech Stack
- Framework: FastAPI with async support
- Database: PostgreSQL with SQLAlchemy
- Cache/Queue: Redis + Celery
- Authentication: JWT tokens + API keys
- Validation: Pydantic models
- Security: Rate limiting, CORS, security headers
📋 Features
🔐 Authentication
- User registration and login
- JWT token generation and validation
- Password hashing with bcrypt
- API key generation per user
🚀 Evaluation System
- Async evaluation processing
- Job tracking with status updates
- Configurable attack types and parameters
- Integration with existing AI pipeline
📊 Results Management
- Comprehensive result storage
- Export functionality (JSON, CSV)
- Result comparison and analytics
- Performance metrics
🏆 Benchmark System
- Multi-model comparison
- Leaderboard generation
- Risk profiling
- Statistical analysis
⚡ Production Features
- Rate limiting with Redis
- Security headers middleware
- Request logging and monitoring
- Health check endpoints
- Error handling and validation
🚀 Getting Started
Prerequisites
- Python 3.8+
- PostgreSQL
- Redis
- Docker (optional)
Installation
- Clone and install dependencies:
cd backend
pip install -r requirements.txt
- Set up environment variables:
cp .env.example .env
# Edit .env with your configuration
- Database setup:
# Create database
createdb aegislm
# Run migrations (if using Alembic)
alembic upgrade head
- Start Redis:
redis-server
- Start Celery worker:
celery -A workers.celery_worker worker --loglevel=info
- Start the API server:
uvicorn main:app --reload --host 0.0.0.0 --port 8000
Docker Setup
# Build and run with Docker Compose
docker-compose up -d
📚 API Documentation
Once running, visit:
- Swagger UI:
http://localhost:8000/docs - ReDoc:
http://localhost:8000/redoc
Core Endpoints
Authentication
POST /api/v1/auth/signup- User registrationPOST /api/v1/auth/login- User loginGET /api/v1/auth/me- Get current user
Evaluations
POST /api/v1/evaluations/- Create evaluationGET /api/v1/evaluations/- List evaluationsGET /api/v1/evaluations/{id}- Get evaluationPOST /api/v1/evaluations/{id}/cancel- Cancel evaluation
Results
GET /api/v1/results/job/{job_id}- Get resultGET /api/v1/results/- List resultsPOST /api/v1/results/job/{job_id}/export- Export result
Benchmarks
POST /api/v1/benchmarks/- Create benchmarkGET /api/v1/benchmarks/{id}/status- Get benchmark statusGET /api/v1/benchmarks/{id}/result- Get benchmark result
🔧 Configuration
Environment Variables
# Application
APP_NAME="AegisLM Red Team API"
DEBUG=false
API_V1_STR="/api/v1"
# Security
SECRET_KEY="your-secret-key-here"
ACCESS_TOKEN_EXPIRE_MINUTES=30
# Database
DATABASE_URL="postgresql://user:pass@localhost/aegislm"
# Redis
REDIS_URL="redis://localhost:6379/0"
# Rate Limiting
RATE_LIMIT_PER_MINUTE=60
RATE_LIMIT_BURST=10
🧪 Testing
# Run tests
pytest
# Run with coverage
pytest --cov=.
# Run specific test file
pytest tests/test_auth.py
📊 Monitoring
Health Checks
GET /health- Overall system healthGET /metrics- Basic metricsGET /api/v1/status- API status
Logging
- Request/response logging
- Error tracking
- Performance metrics
🔒 Security Features
- Rate Limiting: Redis-based sliding window
- Authentication: JWT + API key support
- Security Headers: XSS, CSRF protection
- Input Validation: Pydantic schemas
- Password Security: Bcrypt hashing
🚀 Deployment
Production Setup
- Environment Configuration:
export DEBUG=false
export SECRET_KEY="production-secret-key"
export DATABASE_URL="postgresql://prod_user:pass@db_host/aegislm"
- Database Migrations:
alembic upgrade head
- Start Services:
# Start Celery workers
celery -A workers.celery_worker worker --loglevel=info
# Start API server
gunicorn main:app -w 4 -k uvicorn.workers.UvicornWorker
Docker Deployment
# Build image
docker build -t aegislm-api .
# Run container
docker run -d \
--name aegislm-api \
-p 8000:8000 \
-e DATABASE_URL=$DATABASE_URL \
-e REDIS_URL=$REDIS_URL \
aegislm-api
📈 Performance
- Async Processing: FastAPI + async/await
- Connection Pooling: SQLAlchemy connection pools
- Caching: Redis for rate limiting and results
- Background Tasks: Celery for evaluation processing
🔄 Integration with AI Engine
The backend integrates seamlessly with the existing red team pipeline:
# Service layer integration
from ai.pipelines.redteam_pipeline import run_redteam_pipeline
# Celery task execution
pipeline_result = run_redteam_pipeline(model, config, job_id)
🛠️ Development
Code Quality
# Code formatting
black .
isort .
# Linting
flake8 .
# Type checking
mypy .
Adding New Features
- Add Models: Define in
models/ - Add Schemas: Define in
schemas/ - Add Services: Implement in
services/ - Add Routes: Define in
api/routes/ - Add Tests: Write in
tests/
📝 License
This project is part of the AegisLM Red Team Engine.
🤝 Contributing
- Fork the repository
- Create a feature branch
- Make your changes
- Add tests
- Submit a pull request
📞 Support
For support and questions:
- Create an issue in the repository
- Check the API documentation
- Review the code comments
Built with ❤️ for secure AI evaluation