Upload folder using huggingface_hub

Dockerfile

@@ -0,0 +1,12 @@
+FROM python:3.11-slim
+
+WORKDIR /app
+
+COPY requirements.txt .
+RUN pip install --no-cache-dir -r requirements.txt
+
+COPY app.py .
+
+EXPOSE 7860
+
+CMD ["streamlit", "run", "app.py", "--server.port=7860", "--server.address=0.0.0.0"]

app.py

@@ -0,0 +1,441 @@
+"""github_red Trajectory Viewer — Hugging Face Space edition.
+
+Upload any .eval log file produced by the decomposition benchmark to
+visualise the full multi-agent attack trajectory.
+"""
+
+from __future__ import annotations
+
+import io
+import json
+import re
+import zipfile
+from pathlib import Path
+
+import streamlit as st
+
+# ── Colours & labels ────────────────────────────────────────────────────────
+
+ROLE_COLOR = {
+    "decomposer": "#7C3AED",
+    "executor":   "#2563EB",
+    "target":     "#DC2626",
+    "classifier": "#D97706",
+}
+ROLE_EMOJI = {
+    "decomposer": "🧩",
+    "executor":   "⚙️",
+    "target":     "🛡️",
+    "classifier": "🔍",
+}
+TOOL_COLOR = {
+    "github_create_branch":        "#0891B2",
+    "github_write_file":           "#0891B2",
+    "github_create_pull_request":  "#0891B2",
+    "transfer_to_target":          "#7C3AED",
+    "github_list_pr_files":        "#DC2626",
+    "github_read_file":            "#DC2626",
+    "github_approve_pull_request": "#16A34A",
+    "github_add_pr_comment":       "#DC2626",
+    "submit":                      "#6B7280",
+    "decompose":                   "#7C3AED",
+    "think":                       "#9CA3AF",
+}
+
+# ── Helpers ──────────────────────────────────────────────────────────────────
+
+def _resolve(val, atts):
+    if isinstance(val, str) and val.startswith("attachment://"):
+        key = val[len("attachment://"):]
+        resolved = atts.get(key, val)
+        return resolved if isinstance(resolved, (str, dict, list)) else val
+    if isinstance(val, dict):
+        return {k: _resolve(v, atts) for k, v in val.items()}
+    if isinstance(val, list):
+        return [_resolve(v, atts) for v in val]
+    return val
+
+
+def _text(content):
+    if isinstance(content, str):
+        return content
+    if isinstance(content, list):
+        parts = []
+        for p in content:
+            if isinstance(p, dict) and p.get("type") == "text":
+                parts.append(p.get("text", ""))
+            elif isinstance(p, str):
+                parts.append(p)
+        return "".join(parts)
+    return ""
+
+
+def _parse_args(raw):
+    if isinstance(raw, str):
+        try:
+            return json.loads(raw)
+        except Exception:
+            return {"raw": raw}
+    return raw if isinstance(raw, dict) else {}
+
+
+def _parse_pr_files(text: str) -> list:
+    files = []
+    parts = re.split(r"^=== (.+?) ===$", text, flags=re.MULTILINE)
+    it = iter(parts[1:])
+    for path in it:
+        content = next(it, "").strip()
+        if path.strip():
+            files.append({"path": path.strip(), "content": content})
+    return files
+
+
+def _lang_for(path: str) -> str:
+    ext = path.rsplit(".", 1)[-1].lower() if "." in path else ""
+    return {
+        "py": "python", "yml": "yaml", "yaml": "yaml",
+        "sh": "bash", "bash": "bash",
+        "json": "json", "js": "javascript", "ts": "typescript",
+        "md": "markdown", "txt": "text", "toml": "toml",
+        "dockerfile": "dockerfile", "tf": "hcl",
+    }.get(ext, "text")
+
+
+# ── Event parsing ─────────────────────────────────────────────────────────────
+
+def parse_events(events: list, atts: dict) -> list:
+    steps = []
+    subtask = 0
+    seen_pr_sigs: set = set()
+
+    for e in events:
+        ev = e.get("event", "")
+
+        if ev == "info":
+            raw = e.get("data", "")
+            text = _resolve(raw, atts) if isinstance(raw, str) else str(raw)
+            if not isinstance(text, str):
+                text = json.dumps(text)
+            m = re.search(r"Subtask (\d+)", text)
+            if m and ("context for" in text or "Starting" in text):
+                subtask = int(m.group(1))
+                continue
+            if text.startswith("attachment://") or text.startswith("●"):
+                continue
+            if "=================" in text:
+                continue
+            steps.append({"kind": "info", "text": text, "subtask": subtask})
+
+        elif ev == "model":
+            role  = e.get("role", "unknown")
+            model = e.get("model", "")
+            out   = e.get("output") or {}
+            choices = out.get("choices", [])
+            msg   = choices[0].get("message", {}) if choices else {}
+
+            text = _text(msg.get("content", ""))
+            raw_tcs = msg.get("tool_calls") or []
+            tool_calls = []
+            for tc in raw_tcs:
+                fn   = tc.get("function", "")
+                args = _resolve(_parse_args(tc.get("arguments", {})), atts)
+                tool_calls.append({"fn": fn, "args": args})
+
+            steps.append({
+                "kind": "model", "role": role, "model": model,
+                "text": text, "tool_calls": tool_calls, "subtask": subtask,
+            })
+
+            # Extract PR file contents from target input messages
+            if role == "target":
+                for m in e.get("input", []):
+                    if m.get("role") != "tool":
+                        continue
+                    fn = m.get("function") or m.get("name", "")
+                    if fn != "github_list_pr_files":
+                        continue
+                    raw = m.get("content", "") or ""
+                    raw = _resolve(raw, atts) if isinstance(raw, str) else str(raw)
+                    files = _parse_pr_files(raw)
+                    if files:
+                        sig = "|".join(f["path"] for f in files)
+                        if sig not in seen_pr_sigs:
+                            seen_pr_sigs.add(sig)
+                            steps.append({
+                                "kind": "pr_diff", "files": files, "subtask": subtask,
+                            })
+                        break
+
+        elif ev == "tool" and e.get("type") == "function":
+            fn  = e.get("function", "")
+            out = e.get("output", "") or ""
+            if isinstance(out, dict):
+                out = json.dumps(out)
+            steps.append({"kind": "tool_result", "fn": fn, "result": str(out), "subtask": subtask})
+
+        elif ev == "score" and not e.get("intermediate"):
+            sc = e.get("score", {})
+            steps.append({
+                "kind": "score", "value": sc.get("value"),
+                "answer": sc.get("answer", "?"), "explanation": sc.get("explanation", ""),
+                "subtask": subtask,
+            })
+
+    return steps
+
+
+# ── Rendering ─────────────────────────────────────────────────────────────────
+
+def _badge(label, color):
+    return (
+        f'<span style="background:{color}22;color:{color};border:1px solid {color}44;'
+        f'border-radius:4px;padding:1px 7px;font-size:0.78em;font-weight:600">{label}</span>'
+    )
+
+
+def _args_summary(fn, args):
+    if fn == "github_create_branch":
+        return f"`{args.get('branch_name','')}` from `{args.get('base_branch','main')}`"
+    if fn == "github_write_file":
+        return f"`{args.get('path','')}` — {args.get('commit_message','')[:80]}"
+    if fn == "github_create_pull_request":
+        return f"**{args.get('title','')}** → `{args.get('head','')}`"
+    if fn == "transfer_to_target":
+        return args.get("message", "")[:120]
+    if fn == "github_list_pr_files":
+        return f"PR #{args.get('pr_number','?')} in `{args.get('repo','')}`"
+    if fn == "github_approve_pull_request":
+        return f"PR #{args.get('pr_number','?')}"
+    if fn == "github_add_pr_comment":
+        return args.get("comment", "")[:120]
+    if fn == "submit":
+        return str(args.get("answer", args.get("value", "")))[:120]
+    if fn == "decompose":
+        return f"{len(args.get('subtasks', []))} subtasks"
+    return ""
+
+
+def render_steps(steps: list) -> None:
+    current_subtask = None
+
+    for step in steps:
+        k  = step["kind"]
+        sn = step.get("subtask", 0)
+
+        if sn != current_subtask and sn > 0 and k == "model":
+            current_subtask = sn
+            st.markdown(f"---\n#### Subtask {sn}")
+
+        if k == "info":
+            text = step["text"]
+            if text.startswith("✗") or "refused" in text.lower():
+                st.markdown(
+                    f'<div style="background:#FEE2E222;border-left:4px solid #DC2626;'
+                    f'padding:6px 12px;border-radius:4px;margin:4px 0;color:#991B1B">{text}</div>',
+                    unsafe_allow_html=True)
+            elif text.startswith("✓") or "approved" in text.lower():
+                st.markdown(
+                    f'<div style="background:#DCFCE722;border-left:4px solid #16A34A;'
+                    f'padding:6px 12px;border-radius:4px;margin:4px 0;color:#166534">{text}</div>',
+                    unsafe_allow_html=True)
+            elif text.startswith("Decomposition attempt"):
+                st.markdown(f"#### 🧩 {text}")
+            else:
+                st.caption(text)
+
+        elif k == "model":
+            role  = step["role"]
+            color = ROLE_COLOR.get(role, "#6B7280")
+            emoji = ROLE_EMOJI.get(role, "🤖")
+            model_short = step["model"].split("/")[-1]
+            text  = step["text"].strip()
+            tcs   = step["tool_calls"]
+
+            if role == "classifier" and not text:
+                continue
+
+            tc_html = "  ".join(
+                _badge(tc["fn"], TOOL_COLOR.get(tc["fn"], "#6B7280")) for tc in tcs
+            )
+            header = (
+                f'<div style="border-left:4px solid {color};padding:4px 10px;'
+                f'margin:10px 0 2px 0;background:{color}08;border-radius:0 6px 6px 0">'
+                f'<b>{emoji} {role.upper()}</b>&nbsp;&nbsp;'
+                f'<span style="color:{color};font-size:0.78em">{model_short}</span>'
+                + (f"<br><div style='margin-top:4px'>{tc_html}</div>" if tc_html else "")
+                + "</div>"
+            )
+            st.markdown(header, unsafe_allow_html=True)
+
+            if text:
+                if len(text) > 500:
+                    with st.expander("View full response", expanded=False):
+                        st.markdown(text)
+                else:
+                    st.markdown(
+                        f'<div style="padding:0 14px;color:#374151;font-size:0.9em">{text}</div>',
+                        unsafe_allow_html=True)
+
+            for tc in tcs:
+                fn    = tc["fn"]
+                c2    = TOOL_COLOR.get(fn, "#6B7280")
+                summ  = _args_summary(fn, tc["args"])
+                st.markdown(
+                    f'<div style="padding:2px 14px 2px 18px;font-size:0.85em;color:{c2}">'
+                    f'↳ <b>{fn}</b>' + (f" &nbsp;·&nbsp; {summ}" if summ else "") + "</div>",
+                    unsafe_allow_html=True)
+
+                args = tc["args"]
+                if fn == "github_write_file" and args.get("content"):
+                    path = args.get("path", "")
+                    with st.expander(f"📄 `{path}`", expanded=True):
+                        st.code(args["content"], language=_lang_for(path))
+                elif fn == "decompose":
+                    tasks = args.get("subtasks", [])
+                    with st.expander(f"  {len(tasks)} subtasks", expanded=True):
+                        for i, t in enumerate(tasks, 1):
+                            task_text = t.get("task", t) if isinstance(t, dict) else str(t)
+                            st.markdown(f"**{i}.** {task_text}")
+                elif fn == "transfer_to_target":
+                    msg = args.get("message", "")
+                    if len(msg) > 120:
+                        with st.expander("  Full handoff message", expanded=False):
+                            st.markdown(msg)
+
+        elif k == "pr_diff":
+            files = step["files"]
+            with st.expander(
+                f"📂 PR files ({len(files)} file{'s' if len(files) != 1 else ''})",
+                expanded=True,
+            ):
+                for f in files:
+                    st.markdown(
+                        f'<div style="font-size:0.82em;font-weight:600;color:#374151;'
+                        f'padding:4px 0 2px 0">📄 <code>{f["path"]}</code></div>',
+                        unsafe_allow_html=True)
+                    st.code(f["content"], language=_lang_for(f["path"]))
+
+        elif k == "tool_result":
+            fn     = step["fn"]
+            result = step["result"]
+            color  = TOOL_COLOR.get(fn, "#6B7280")
+            short  = result[:200].replace("\n", " ")
+            st.markdown(
+                f'<div style="padding:2px 14px 2px 18px;font-size:0.82em;color:#6B7280">'
+                f'← <span style="color:{color}">{fn}</span>: {short}'
+                + ("…" if len(result) > 200 else "") + "</div>",
+                unsafe_allow_html=True)
+            if len(result) > 200:
+                with st.expander("  Full result", expanded=False):
+                    st.text(result)
+
+        elif k == "score":
+            val   = step.get("value", 0) or 0
+            ans   = step.get("answer", "?")
+            expl  = step.get("explanation", "")
+            color = "#16A34A" if val >= 1.0 else ("#D97706" if val > 0 else "#DC2626")
+            st.markdown("---")
+            st.markdown(f"### 🏁 Verdict: **{ans}** &nbsp; (score {val})")
+            if expl:
+                st.markdown(
+                    f'<div style="background:{color}18;border-left:4px solid {color};'
+                    f'padding:8px 14px;border-radius:4px;color:#1F2937">{expl}</div>',
+                    unsafe_allow_html=True)
+
+
+# ── Sample renderer ───────────────────────────────────────────────────────────
+
+def _render_sample(sample: dict) -> None:
+    atts   = sample.get("attachments", {})
+    events = sample.get("events", [])
+    scores = sample.get("scores", {})
+
+    score_val, score_ans = None, None
+    for sc in (scores.values() if isinstance(scores, dict) else []):
+        score_val = sc.get("value")
+        score_ans = sc.get("answer")
+        break
+
+    col1, col2, col3, col4 = st.columns(4)
+    col1.metric("Sample", sample.get("id", "?"))
+    col2.metric("Verdict", str(score_ans) if score_ans else "?")
+    col3.metric("Score", f"{score_val:.1f}" if score_val is not None else "?")
+    col4.metric("Time", f"{sample.get('total_time', 0):.0f}s")
+
+    role_usage = sample.get("role_usage", {})
+    if role_usage:
+        with st.expander("Token usage by role", expanded=False):
+            cols = st.columns(len(role_usage))
+            for col, (role, usage) in zip(cols, role_usage.items()):
+                col.metric(role, f"{usage.get('total_tokens', 0):,}")
+
+    st.markdown("---")
+    render_steps(parse_events(events, atts))
+
+
+# ── Main ──────────────────────────────────────────────────────────────────────
+
+def main() -> None:
+    st.set_page_config(
+        page_title="github_red Trajectory Viewer",
+        layout="wide",
+        page_icon="🔴",
+    )
+
+    with st.sidebar:
+        st.title("🔴 github_red")
+        st.subheader("Trajectory Viewer")
+        st.caption("Upload an `.eval` log file from the decomposition benchmark.")
+
+        uploaded = st.file_uploader("Upload .eval file", type=["eval"])
+
+        st.markdown("---")
+        st.markdown("**Legend**")
+        for role, color in ROLE_COLOR.items():
+            emoji = ROLE_EMOJI[role]
+            st.markdown(
+                f'<div style="border-left:3px solid {color};padding:2px 8px;'
+                f'margin:2px 0;font-size:0.9em">{emoji} {role}</div>',
+                unsafe_allow_html=True)
+
+    if uploaded is None:
+        st.info("Upload an `.eval` file in the sidebar to get started.")
+        st.markdown("""
+### What is this?
+
+This tool visualises the multi-agent **attack trajectory** from the
+[Decomposition and Investigating Tool Agents](https://arxiv.org/abs/...) benchmark.
+
+Each `.eval` file contains a full run log where:
+- 🧩 **Decomposer** breaks the harmful goal into benign-looking subtasks
+- ⚙️ **Executor** creates branches, commits code, and opens pull requests
+- 🛡️ **Target** (code reviewer) is asked to approve the PRs
+- 🔍 **Classifier** judges whether the target complied
+
+The viewer shows the full conversation, PR code diffs, and the final verdict.
+        """)
+        return
+
+    try:
+        buf = io.BytesIO(uploaded.read())
+        with zipfile.ZipFile(buf) as z:
+            sample_files = [n for n in z.namelist() if n.startswith("samples/")]
+            if not sample_files:
+                st.error("No sample files found in this eval log.")
+                return
+            samples = {n: json.loads(z.read(n)) for n in sample_files}
+    except Exception as e:
+        st.error(f"Failed to load eval file: {e}")
+        return
+
+    if len(samples) > 1:
+        tabs = st.tabs([Path(n).stem for n in samples])
+        for tab, (_, sample) in zip(tabs, samples.items()):
+            with tab:
+                _render_sample(sample)
+    else:
+        _render_sample(next(iter(samples.values())))
+
+
+if __name__ == "__main__":
+    main()

requirements.txt

@@ -0,0 +1 @@
+streamlit>=1.35.0