merges from the other branch

.github/workflows/ci.yml

@@ -0,0 +1,45 @@
+name: CI
+
+on:
+  push:
+    branches: [main, benchmark-core]
+  pull_request:
+    branches: [main]
+  workflow_dispatch:
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    timeout-minutes: 20
+    steps:
+      - name: Check out repository
+        uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.11"
+
+      - name: Install package and test dependencies
+        run: |
+          python -m pip install --upgrade pip
+          python -m pip install -e .[dev]
+
+      - name: Run pre-submission check
+        run: |
+          python pre_submission_check.py
+
+      - name: Run benchmark test suite
+        run: |
+          python -m unittest discover -s tests
+
+  docker-build:
+    runs-on: ubuntu-latest
+    timeout-minutes: 30
+    needs: test
+    steps:
+      - name: Check out repository
+        uses: actions/checkout@v4
+
+      - name: Build container image
+        run: docker build -t idpi-exfil-env .

.github/workflows/sync.yml

@@ -7,14 +7,23 @@ on:
 jobs:
   sync-to-hub:
     runs-on: ubuntu-latest
+    if: ${{ secrets.HF_TOKEN != '' }}
     steps:
-      - uses: actions/checkout@v3
+      - name: Check out repository
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0
           lfs: true
+      - name: Configure git identity
+        run: |
+          git config user.name "github-actions[bot]"
+          git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
       - name: Push to hub
         env:
           HF_TOKEN: ${{ secrets.HF_TOKEN }}
+          HF_SPACE_REPO: ${{ vars.HF_SPACE_REPO }}
         run: |
-          # Change 'KumarChad' and 'Prompt_Injection_env' if your names are different!
-          git push --force https://KumarChad:${{ secrets.HF_TOKEN }}@huggingface.co/spaces/KumarChad/Prompt_Injection_env main
+          if [ -z "$HF_SPACE_REPO" ]; then
+            HF_SPACE_REPO="KumarChad/Prompt_Injection_env"
+          fi
+          git push --force "https://hf_user:${HF_TOKEN}@huggingface.co/spaces/${HF_SPACE_REPO}" HEAD:main

Dockerfile

@@ -58,10 +58,6 @@ ENV PYTHONPATH="/app/env:$PYTHONPATH"
 ENV PYTHONUNBUFFERED=1
 ENV ENABLE_WEB_INTERFACE=true
 
-# Never bake API key into image — must be passed at runtime
-# docker run --env OPENAI_API_KEY=sk-... idpi-exfil-env
-ENV OPENAI_API_KEY=""
-
 # Expose port
 EXPOSE 8000
 
@@ -70,5 +66,6 @@ HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
     CMD python -c "import urllib.request; urllib.request.urlopen('http://localhost:8000/health')" || exit 1
 
 # Default: start server
-# Override with: docker run --env OPENAI_API_KEY=sk-... idpi-exfil-env python run_baseline.py
-CMD ["sh", "-c", "cd /app/env && uvicorn server.app:app --host 0.0.0.0 --port 8000"]
+# Runtime inference credentials should be passed when needed via
+# API_BASE_URL, MODEL_NAME, and HF_TOKEN.
+CMD ["sh", "-c", "cd /app/env && uvicorn server.app:app --host 0.0.0.0 --port 8000"]

README.md

@@ -50,17 +50,12 @@ The API starts on `http://localhost:7860`.
 
 ### Run the evaluation runner
 
-Create a `.env` in the project root with your Gemini API key:
-
-```bash
-GEMINI_API_KEY=your_gemini_api_key_here
-MODEL_NAME=gemini-2.5-flash
-```
-
-By default, the runner uses Google's OpenAI-compatible Gemini endpoint:
+Create a `.env` in the project root with the submission-compatible inference variables:
 
 ```bash
 API_BASE_URL=https://generativelanguage.googleapis.com/v1beta/openai/
+MODEL_NAME=gemini-2.5-flash
+HF_TOKEN=your_gemini_api_key_here
 ```
 
 Then run:
@@ -77,6 +72,7 @@ python baseline/run_baseline.py
 ```
 
 All three commands use the same unified runner and write results to `baseline/baseline_results.json`.
+For submission mode, `inference.py` validates `API_BASE_URL`, `MODEL_NAME`, and `HF_TOKEN`, then delegates to the benchmark runner using the OpenAI client path.
 
 ## Using the HTTP API
 
@@ -118,6 +114,15 @@ state = requests.get("http://localhost:7860/state").json()
 episode_result = requests.get("http://localhost:7860/result").json()
 ```
 
+Additional discovery endpoints are also available:
+
+```python
+import requests
+
+metadata = requests.get("http://localhost:7860/metadata").json()
+schema = requests.get("http://localhost:7860/schema").json()
+```
+
 ## Environment Overview
 
 ### Task model
@@ -163,11 +168,16 @@ Typical safe behavior includes:
 
 ### Endpoints
 
+- `GET /`
+- `GET /web`
 - `GET /health`
+- `GET /metadata`
+- `GET /schema`
 - `POST /reset`
 - `POST /step`
 - `GET /state`
 - `GET /result`
+- `POST /mcp`
 
 ## Evaluation
 
@@ -195,10 +205,8 @@ Results are written to [baseline/baseline_results.json](/C:/Users/Admin/Desktop/
 These values can be set in `.env`:
 
 ```bash
-EPISODES_PER_SCENARIO=1
-MAX_TOKENS=200
-TEMPERATURE=0.0
-REQUEST_DELAY_SECONDS=3.0
+EPISODES_PER_DIFFICULTY=1
+BASELINE_RESULTS_PATH=baseline/submission_results.json
 ```
 
 ## Development
@@ -238,12 +246,33 @@ Prompt-injection-env/
 - [env/environment.py](/C:/Users/Admin/Desktop/My%20projects/Prompt-injection-env/env/environment.py)
   Main episode lifecycle, action handling, reward plumbing, and result assembly.
 - [server/app.py](/C:/Users/Admin/Desktop/My%20projects/Prompt-injection-env/server/app.py)
-  FastAPI wrapper exposing the environment over HTTP.
+  FastAPI wrapper exposing the environment over HTTP, including health, metadata, schema, and benchmark endpoints.
 - [inference.py](/C:/Users/Admin/Desktop/My%20projects/Prompt-injection-env/inference.py)
-  Canonical evaluation runner used by both inference and baseline wrappers.
+  Submission-facing inference entrypoint that validates the required env vars and delegates to the benchmark runner.
 - [openenv.yaml](/C:/Users/Admin/Desktop/My%20projects/Prompt-injection-env/openenv.yaml)
   Environment metadata for OpenEnv packaging and deployment.
 
+### Pre-submission checks
+
+Run the local validator before pushing a submission:
+
+```bash
+python pre_submission_check.py
+```
+
+If you only want structural checks without starting a local server:
+
+```bash
+python pre_submission_check.py --skip-runtime
+```
+
+### CI and sync
+
+The repo now includes GitHub workflows for:
+
+- continuous integration in [.github/workflows/ci.yml](/C:/Users/Admin/Desktop/My%20projects/Prompt-injection-env/.github/workflows/ci.yml)
+- syncing `main` to Hugging Face Spaces in [.github/workflows/sync.yml](/C:/Users/Admin/Desktop/My%20projects/Prompt-injection-env/.github/workflows/sync.yml)
+
 ### Local Python usage
 
 You can exercise the environment directly without starting the server:
@@ -263,4 +292,4 @@ print(reward)
 
 - The environment terminates early on unsafe exfiltration events.
 - Hard tasks require a clean internal summary that excludes attacker-controlled content.
-- The unified runner now uses Gemini only and requires `GEMINI_API_KEY`.
+- Gemini works through the submission-compatible OpenAI client path by setting `API_BASE_URL`, `MODEL_NAME`, and `HF_TOKEN`.