FEAT Migrate consumers to TargetConfiguration capability checks

doc/code/targets/1_openai_chat_target.ipynb

@@ -22,8 +22,27 @@
      "name": "stdout",
      "output_type": "stream",
      "text": [
-      "Found default environment files: ['./.pyrit/.env']\n",
-      "Loaded environment file: ./.pyrit/.env\n",
+      "Found default environment files: ['./.pyrit/.env']\n"
+     ]
+    },
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "Loaded environment file: ./.pyrit/.env\n"
+     ]
+    },
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "No new upgrade operations detected.\n"
+     ]
+    },
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
       "\n",
       "\u001b[34m────────────────────────────────────────────────────────────────────────────────────────────────────\u001b[0m\n",
       "\u001b[1m\u001b[34m🔹 Turn 1 - USER\u001b[0m\n",
@@ -108,7 +127,13 @@
      "output_type": "stream",
      "text": [
       "Found default environment files: ['./.pyrit/.env']\n",
-      "Loaded environment file: ./.pyrit/.env\n",
+      "Loaded environment file: ./.pyrit/.env\n"
+     ]
+    },
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
       "{\n",
       "  \"name\": \"Bob\",\n",
       "  \"age\": 32\n",
@@ -191,7 +216,13 @@
      "output_type": "stream",
      "text": [
       "Found default environment files: ['./.pyrit/.env']\n",
-      "Loaded environment file: ./.pyrit/.env\n",
+      "Loaded environment file: ./.pyrit/.env\n"
+     ]
+    },
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
       "\n",
       "\u001b[34m────────────────────────────────────────────────────────────────────────────────────────────────────\u001b[0m\n",
       "\u001b[1m\u001b[34m🔹 Turn 1 - USER\u001b[0m\n",
@@ -218,33 +249,31 @@
       "\u001b[33m────────────────────────────────────────────────────────────────────────────────────────────────────\u001b[0m\n",
       "\u001b[1m\u001b[33m🔸 ASSISTANT\u001b[0m\n",
       "\u001b[33m────────────────────────────────────────────────────────────────────────────────────────────────────\u001b[0m\n",
-      "\u001b[33m  This image is a labeled table titled \"PyRIT Components.\" It organizes information under two main\u001b[0m\n",
-      "\u001b[33m      sections: **Interface** and **Implementation**, which are further divided into five subsections:\u001b[0m\n",
-      "\u001b[33m      **Target**, **Datasets**, **Scoring Engine**, **Attack Strategy**, and **Memory**.\u001b[0m\n",
+      "\u001b[33m  This image displays a structure chart titled **\"PyRIT Components\"**. It outlines the components of\u001b[0m\n",
+      "\u001b[33m      the PyRIT system with two columns: **Interface** and **Implementation**. Each row contains\u001b[0m\n",
+      "\u001b[33m      different elements organized into categories. The categories are:\u001b[0m\n",
       "\u001b[33m  \u001b[0m\n",
-      "\u001b[33m    ### Description of the Components:\u001b[0m\n",
-      "\u001b[33m    1. **Target:**\u001b[0m\n",
+      "\u001b[33m    1. **Target**:\u001b[0m\n",
       "\u001b[33m       - **Local**: Local model (e.g., ONNX).\u001b[0m\n",
       "\u001b[33m       - **Remote**: API or web app.\u001b[0m\n",
       "\u001b[33m  \u001b[0m\n",
-      "\u001b[33m    2. **Datasets:**\u001b[0m\n",
+      "\u001b[33m    2. **Datasets**:\u001b[0m\n",
       "\u001b[33m       - **Static**: Prompts.\u001b[0m\n",
       "\u001b[33m       - **Dynamic**: Prompt templates.\u001b[0m\n",
       "\u001b[33m  \u001b[0m\n",
-      "\u001b[33m    3. **Scoring Engine:**\u001b[0m\n",
-      "\u001b[33m       - **PyRIT Itself**: Self-evaluation.\u001b[0m\n",
+      "\u001b[33m    3. **Scoring Engine**:\u001b[0m\n",
+      "\u001b[33m       - **PyRIT Itself**: Self Evaluation.\u001b[0m\n",
       "\u001b[33m       - **API**: Existing content classifiers.\u001b[0m\n",
       "\u001b[33m  \u001b[0m\n",
-      "\u001b[33m    4. **Attack Strategy:**\u001b[0m\n",
+      "\u001b[33m    4. **Attack Strategy**:\u001b[0m\n",
       "\u001b[33m       - **Single Turn**: Using static prompts.\u001b[0m\n",
       "\u001b[33m       - **Multi Turn**: Multiple conversations using prompt templates.\u001b[0m\n",
       "\u001b[33m  \u001b[0m\n",
-      "\u001b[33m    5. **Memory:**\u001b[0m\n",
+      "\u001b[33m    5. **Memory**:\u001b[0m\n",
       "\u001b[33m       - **Storage**: JSON, Database.\u001b[0m\n",
       "\u001b[33m       - **Utils**: Conversation, retrieval and storage, memory sharing, and data analysis.\u001b[0m\n",
       "\u001b[33m  \u001b[0m\n",
-      "\u001b[33m    The layout uses alternating shades of blue to visually distinguish the rows and includes brief\u001b[0m\n",
-      "\u001b[33m      descriptions of each component on the right-hand side of the table.\u001b[0m\n",
+      "\u001b[33m    The design uses shades of blue for differentiation, grouping related elements and categories.\u001b[0m\n",
       "\n",
       "\u001b[34m────────────────────────────────────────────────────────────────────────────────────────────────────\u001b[0m\n"
      ]
@@ -261,7 +290,7 @@
     "    PromptSendingAttack,\n",
     ")\n",
     "from pyrit.models import SeedGroup, SeedPrompt\n",
-    "from pyrit.prompt_target import OpenAIChatTarget, TargetCapabilities, TargetConfiguration\n",
+    "from pyrit.prompt_target import OpenAIChatTarget\n",
     "from pyrit.score import SelfAskTrueFalseScorer, TrueFalseQuestion\n",
     "from pyrit.setup import IN_MEMORY, initialize_pyrit_async\n",
     "\n",
@@ -273,34 +302,12 @@
     "chat_target = OpenAIChatTarget(\n",
     "    endpoint=endpoint,\n",
     "    api_key=api_key,\n",
-    "    # Override default (text-only) configuration to enable image input, multi-turn, and JSON output for this multi-modal example.\n",
-    "    custom_configuration=TargetConfiguration(\n",
-    "        capabilities=TargetCapabilities(\n",
-    "            supports_multi_turn=True,\n",
-    "            supports_json_output=True,\n",
-    "            supports_multi_message_pieces=True,\n",
-    "            input_modalities=frozenset(\n",
-    "                {frozenset({\"text\", \"image_path\"}), frozenset({\"image_path\"}), frozenset({\"text\"})}\n",
-    "            ),\n",
-    "        )\n",
-    "    ),\n",
     ")\n",
     "\n",
     "scorer = SelfAskTrueFalseScorer(\n",
     "    chat_target=OpenAIChatTarget(\n",
     "        endpoint=endpoint,\n",
     "        api_key=api_key,\n",
-    "        # The scorer also needs to read image responses; override configuration to support image input modalities.\n",
-    "        custom_configuration=TargetConfiguration(\n",
-    "            capabilities=TargetCapabilities(\n",
-    "                supports_multi_turn=True,\n",
-    "                supports_json_output=True,\n",
-    "                supports_multi_message_pieces=True,\n",
-    "                input_modalities=frozenset(\n",
-    "                    {frozenset({\"text\", \"image_path\"}), frozenset({\"image_path\"}), frozenset({\"text\"})}\n",
-    "                ),\n",
-    "            )\n",
-    "        ),\n",
     "    ),\n",
     "    true_false_question=TrueFalseQuestion(\n",
     "        true_description=\"The response describes the picture as an overview of PyRIT components.\"\n",

doc/code/targets/1_openai_chat_target.py

@@ -120,7 +120,7 @@
     PromptSendingAttack,
 )
 from pyrit.models import SeedGroup, SeedPrompt
-from pyrit.prompt_target import OpenAIChatTarget, TargetCapabilities, TargetConfiguration
+from pyrit.prompt_target import OpenAIChatTarget
 from pyrit.score import SelfAskTrueFalseScorer, TrueFalseQuestion
 from pyrit.setup import IN_MEMORY, initialize_pyrit_async
 
@@ -132,34 +132,12 @@
 chat_target = OpenAIChatTarget(
     endpoint=endpoint,
     api_key=api_key,
-    # Override default (text-only) configuration to enable image input, multi-turn, and JSON output for this multi-modal example.
-    custom_configuration=TargetConfiguration(
-        capabilities=TargetCapabilities(
-            supports_multi_turn=True,
-            supports_json_output=True,
-            supports_multi_message_pieces=True,
-            input_modalities=frozenset(
-                {frozenset({"text", "image_path"}), frozenset({"image_path"}), frozenset({"text"})}
-            ),
-        )
-    ),
 )
 
 scorer = SelfAskTrueFalseScorer(
     chat_target=OpenAIChatTarget(
         endpoint=endpoint,
         api_key=api_key,
-        # The scorer also needs to read image responses; override configuration to support image input modalities.
-        custom_configuration=TargetConfiguration(
-            capabilities=TargetCapabilities(
-                supports_multi_turn=True,
-                supports_json_output=True,
-                supports_multi_message_pieces=True,
-                input_modalities=frozenset(
-                    {frozenset({"text", "image_path"}), frozenset({"image_path"}), frozenset({"text"})}
-                ),
-            )
-        ),
     ),
     true_false_question=TrueFalseQuestion(
         true_description="The response describes the picture as an overview of PyRIT components."

doc/code/targets/3_openai_image_target.py

@@ -30,7 +30,7 @@
     ConsoleAttackResultPrinter,
     PromptSendingAttack,
 )
-from pyrit.prompt_target import OpenAIChatTarget, OpenAIImageTarget, TargetCapabilities, TargetConfiguration
+from pyrit.prompt_target import OpenAIChatTarget, OpenAIImageTarget
 from pyrit.score import SelfAskTrueFalseScorer, TrueFalseQuestion
 from pyrit.setup import IN_MEMORY, initialize_pyrit_async
 
@@ -41,35 +41,13 @@
     endpoint=image_endpoint,
     api_key=get_azure_openai_auth(image_endpoint),
     output_format="jpeg",
-    # Override default configuration to enable multi-turn, JSON output, and multi-modal input for this attack-with-scoring example.
-    custom_configuration=TargetConfiguration(
-        capabilities=TargetCapabilities(
-            supports_multi_turn=True,
-            supports_json_output=True,
-            supports_multi_message_pieces=True,
-            input_modalities=frozenset(
-                {frozenset({"text", "image_path"}), frozenset({"image_path"}), frozenset({"text"})}
-            ),
-        )
-    ),
 )
 
 chat_endpoint = os.environ["OPENAI_CHAT_ENDPOINT"]
 image_scorer = SelfAskTrueFalseScorer(
     chat_target=OpenAIChatTarget(
         endpoint=chat_endpoint,
         api_key=get_azure_openai_auth(chat_endpoint),
-        # The scorer needs to evaluate image responses; override configuration to support image input modalities.
-        custom_configuration=TargetConfiguration(
-            capabilities=TargetCapabilities(
-                supports_multi_turn=True,
-                supports_json_output=True,
-                supports_multi_message_pieces=True,
-                input_modalities=frozenset(
-                    {frozenset({"text", "image_path"}), frozenset({"image_path"}), frozenset({"text"})}
-                ),
-            )
-        ),
     ),
     true_false_question=TrueFalseQuestion(true_description="The response matches the objective {{objective}}"),
 )

pyrit/executor/attack/component/conversation_manager.py

@@ -20,7 +20,7 @@
 )
 from pyrit.prompt_normalizer.prompt_normalizer import PromptNormalizer
 from pyrit.prompt_target import PromptTarget
-from pyrit.prompt_target.common.prompt_chat_target import PromptChatTarget
+from pyrit.prompt_target.common.target_capabilities import CapabilityName
 
 if TYPE_CHECKING:
     from pyrit.executor.attack.core import AttackContext
@@ -242,7 +242,7 @@ def get_last_message(
     def set_system_prompt(
         self,
         *,
-        target: PromptChatTarget,
+        target: PromptTarget,
         conversation_id: str,
         system_prompt: str,
         labels: Optional[dict[str, str]] = None,
@@ -251,11 +251,16 @@ def set_system_prompt(
         Set or update the system prompt for a conversation.
 
         Args:
-            target: The chat target to set the system prompt on.
+            target: The target to set the system prompt on. Must handle the
+                SYSTEM_PROMPT capability (natively or via an ADAPT policy).
             conversation_id: Unique identifier for the conversation.
             system_prompt: The system prompt text.
             labels: Optional labels to associate with the system prompt.
+
+        Raises:
+            ValueError: If target cannot handle the SYSTEM_PROMPT capability.
         """
+        target.configuration.ensure_can_handle(capability=CapabilityName.SYSTEM_PROMPT)
         target.set_system_prompt(
             system_prompt=system_prompt,
             conversation_id=conversation_id,
@@ -283,7 +288,7 @@ async def initialize_context_async(
         3. Updates context.executed_turns for multi-turn attacks
         4. Sets context.next_message if there's an unanswered user message
 
-        For PromptChatTarget:
+        For chat-capable PromptTarget:
             - Adds prepended messages to memory with simulated_assistant role
             - All messages get new UUIDs
 
@@ -306,7 +311,7 @@ async def initialize_context_async(
 
         Raises:
             ValueError: If conversation_id is empty, or if prepended_conversation
-                requires a PromptChatTarget but target is not one.
+                requires a chat-capable PromptTarget but target is not one.
         """
         if not conversation_id:
             raise ValueError("conversation_id cannot be empty")
@@ -321,8 +326,11 @@ async def initialize_context_async(
             logger.debug(f"No prepended conversation for context initialization: {conversation_id}")
             return state
 
-        # Handle target type compatibility
-        is_chat_target = isinstance(target, PromptChatTarget)
+        # Targets that don't natively support editable history cannot consume a
+        # prepended multi-message conversation as-is — route them to the
+        # single-string fallback path. Type identity (PromptChatTarget) is a
+        # legacy signal for this; capability-based routing is the durable form.
+        is_chat_target = target.configuration.includes(capability=CapabilityName.EDITABLE_HISTORY)
         if not is_chat_target:
             return await self._handle_non_chat_target_async(
                 context=context,
@@ -366,8 +374,8 @@ async def _handle_non_chat_target_async(
 
         if config.non_chat_target_behavior == "raise":
             raise ValueError(
-                "prepended_conversation requires the objective target to be a PromptChatTarget. "
-                "Non-chat objective targets do not support conversation history. "
+                "prepended_conversation requires the objective target to be a chat-capable "
+                "PromptTarget. Non-chat objective targets do not support conversation history. "
                 "Use PrependedConversationConfig with non_chat_target_behavior='normalize_first_turn' "
                 "to normalize the conversation into the first message instead."
             )

pyrit/executor/attack/component/prepended_conversation_config.py

@@ -22,7 +22,7 @@ class PrependedConversationConfig:
     This class provides control over:
     - Which message roles should have request converters applied
     - How to normalize conversation history for non-chat objective targets
-    - What to do when the objective target is not a PromptChatTarget
+    - What to do when the objective target is not a chat-capable PromptTarget
     """
 
     # Roles for which request converters should be applied to prepended messages.
@@ -36,13 +36,13 @@ class PrependedConversationConfig:
     # ConversationContextNormalizer is used that produces "Turn N: User/Assistant" format.
     message_normalizer: Optional[MessageStringNormalizer] = None
 
-    # Behavior when the target is a PromptTarget but not a PromptChatTarget:
+    # Behavior when the target is a PromptTarget but not a chat-capable PromptTarget:
     # - "normalize_first_turn": Normalize the prepended conversation into a string and
     #   store it in ConversationState.normalized_prepended_context. This context will be
     #   prepended to the first message sent to the target. Uses objective_target_context_normalizer
     #   if provided, otherwise falls back to ConversationContextNormalizer.
     # - "raise": Raise a ValueError. Use this when prepended conversation history must be
-    #   maintained by the target (i.e., target must be a PromptChatTarget).
+    #   maintained by the target (i.e., target must be a chat-capable PromptTarget).
     non_chat_target_behavior: Literal["normalize_first_turn", "raise"] = "normalize_first_turn"
 
     def get_message_normalizer(self) -> MessageStringNormalizer:

pyrit/executor/attack/core/attack_strategy.py

@@ -8,7 +8,7 @@
 import time
 from abc import ABC
 from dataclasses import dataclass, field
-from typing import TYPE_CHECKING, Any, Generic, Optional, TypeVar, Union, overload
+from typing import TYPE_CHECKING, Any, ClassVar, Generic, Optional, TypeVar, Union, overload
 
 from pyrit.common.logger import logger
 from pyrit.executor.attack.core.attack_parameters import AttackParameters, AttackParamsT
@@ -27,6 +27,7 @@
     ConversationReference,
     Message,
 )
+from pyrit.prompt_target.common.target_requirements import TargetRequirements
 
 if TYPE_CHECKING:
     from pyrit.executor.attack.core.attack_config import AttackScoringConfig
@@ -233,6 +234,10 @@ class AttackStrategy(Strategy[AttackStrategyContextT, AttackStrategyResultT], Id
     Defines the interface for executing attacks and handling results.
     """
 
+    #: Capability requirements placed on ``objective_target``. Subclasses
+    #: override to declare what the attack needs. Validated in ``__init__``.
+    TARGET_REQUIREMENTS: ClassVar[TargetRequirements] = TargetRequirements()
+
     def __init__(
         self,
         *,
@@ -259,6 +264,7 @@ def __init__(
             ),
             logger=logger,
         )
+        type(self).TARGET_REQUIREMENTS.validate(target=objective_target)
         self._objective_target = objective_target
         self._params_type = params_type
         # Guard so subclasses that set converters before calling super() aren't clobbered