Pentest Dry-Run

Project-Agent / library/workflows/pentest-dryrun/README.md

Drill workflow for exercising the pentest_agent meta-connector's approval and audit flow against a benign target (ai-goat by default) before enabling it on production assets. Designed to be the first thing an org runs after opting into the autonomous-pentest tier.

Time Saved

Before: Validating an autonomous pentest agent's safety + approval flow meant either trusting the upstream demo or running it against a real target on faith.

After: A canned workflow that exercises every governance gate (signed scope, attributable initiator, LLM spend cap, exploit ESCALATE path) before any production exposure.

Connectors

| Connector | Operations | Risk |
|-----------|------------|------|
| pentest_agent | providers:list, recon:run, scan:run, exploit:run | HIGH |

Overall Risk: HIGH — exercises an autonomous pentest agent. The workflow runs against a sandboxed vulnerable test app (ai-goat) and is gated by the oss-pentest-baseline policy bundle.

How It Works

  1. Lists available providers (pentagi, strix).
  2. Runs recon:run against the target (PERMITted, audited).
  3. Runs scan:run against the target (PERMITted, audited).
  4. Optionally runs exploit:run (ESCALATEs — a human reviewer must approve before it executes).

ARX Governance

  • Policy bundle: oss-pentest-baseline. Hard-fails any run missing authorization_artifact or max_llm_spend_usd. exploit:run always ESCALATEs.
  • HITL gate: Required when attempt_exploit: true.
  • Connector hard gates (in addition to policy):
      ◦ Refuses to run without authorization_artifact.
      ◦ Refuses to run without max_llm_spend_usd.
      ◦ Refuses to run without _session_context.initiated_by_user_id.
  • Sandbox: community-oss profile.
  • Audit Trail: Every dispatch and every provider stdout line is intercepted via BaseConnector.execute and persisted with normalized PentestFinding counts.
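The decision logic the gates above describe can be modelled in a few lines. The following is an added illustration, not code from the Arx SDK or the Project-Agent repository: the function names (evaluate_dispatch, run_dryrun), the GateDecision type and the DENY outcome for a failed hard gate are assumptions made here to show how the three connector hard gates, the unconditional ESCALATE on exploit:run, and the optional exploit step in the dry-run sequence fit together.

```python
"""Illustrative model of the oss-pentest-baseline gates described in the README.

This is NOT the Arx SDK's real API. GateDecision, evaluate_dispatch and run_dryrun
are hypothetical names chosen for this example.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Operations the pentest_agent meta-connector exposes (from the Connectors table).
KNOWN_OPERATIONS = {"providers:list", "recon:run", "scan:run", "exploit:run"}

# README: exploit:run always ESCALATEs to a human reviewer.
ALWAYS_ESCALATE = {"exploit:run"}

# Order of the dry-run steps from "How It Works"; exploit:run is appended only
# when attempt_exploit is true.
BASE_SEQUENCE = ["providers:list", "recon:run", "scan:run"]


@dataclass(frozen=True)
class GateDecision:
    outcome: str                  # "PERMIT", "ESCALATE" or "DENY"
    reasons: Tuple[str, ...] = ()  # why the dispatch was not a plain PERMIT


def evaluate_dispatch(operation: str, params: Dict, session_context: Dict) -> GateDecision:
    """Apply the connector hard gates, then the policy outcome, to one dispatch.

    Hard gates are checked first and collected together so an operator sees
    every missing precondition in one pass instead of fixing them one at a time.
    """
    reasons: List[str] = []

    if operation not in KNOWN_OPERATIONS:
        reasons.append(f"unknown operation {operation!r}")

    # Hard gate 1: a signed scope artifact must be present.
    artifact = params.get("authorization_artifact")
    if not isinstance(artifact, str) or not artifact.strip():
        reasons.append("missing authorization_artifact")

    # Hard gate 2: an LLM spend cap must be present and positive.
    cap = params.get("max_llm_spend_usd")
    if isinstance(cap, bool) or not isinstance(cap, (int, float)) or cap <= 0:
        reasons.append("missing or non-positive max_llm_spend_usd")

    # Hard gate 3: the initiator must be attributable to a user.
    if not session_context.get("initiated_by_user_id"):
        reasons.append("missing _session_context.initiated_by_user_id")

    if reasons:
        return GateDecision("DENY", tuple(reasons))

    # Policy outcome: exploitation never runs unattended.
    if operation in ALWAYS_ESCALATE:
        return GateDecision("ESCALATE", ("exploit:run requires human approval",))
    return GateDecision("PERMIT")


def run_dryrun(params: Dict, session_context: Dict, attempt_exploit: bool = False) -> List[Tuple[str, str]]:
    """Walk the dry-run sequence and return (operation, outcome) per step.

    Stops at the first DENY, since a failed hard gate fails the whole run.
    An ESCALATE is recorded but does not stop the walk: in the real flow the
    step would block on the HITL reviewer rather than execute.
    """
    sequence = BASE_SEQUENCE + (["exploit:run"] if attempt_exploit else [])
    audit: List[Tuple[str, str]] = []
    for op in sequence:
        decision = evaluate_dispatch(op, params, session_context)
        audit.append((op, decision.outcome))
        if decision.outcome == "DENY":
            break
    return audit


if __name__ == "__main__":
    # Constructed sample inputs, mirroring the environment variables in Setup.
    good_params = {"authorization_artifact": "arx://signed-scope/EXAMPLE-DOC-ID",
                   "max_llm_spend_usd": 5.0}
    ctx = {"initiated_by_user_id": "user-0001"}
    for step in run_dryrun(good_params, ctx, attempt_exploit=True):
        print(step)
    print(evaluate_dispatch("scan:run", {"authorization_artifact": "x"}, {}).reasons)
```

With attempt_exploit=True the walk yields three PERMITs followed by an ESCALATE on exploit:run; with the spend cap or initiator removed, the very first step is DENYed and the run stops, which is the "hard-fail" behaviour the policy bundle promises.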

Setup

```bash
pip install arx

export OPENAI_API_KEY="sk-..."  # or ANTHROPIC_API_KEY
export AI_GOAT_TARGET_URL="https://your-ai-goat.test.internal"
export AUTH_ARTIFACT_URI="arx://signed-scope/<signed-doc-id>"
```

Generate or fetch a signed scope artifact via the ARX UI / API before running. The connector will refuse to start without it.

```bash
arx run workflow.py
```

To rehearse the full ESCALATE flow:

```bash
ARX_PARAM_attempt_exploit=true arx run workflow.py
```

Customization

  • Set provider: strix to dispatch to the strix provider instead of pentagi.
  • Lower max_llm_spend_usd to constrain experimentation cost.
  • Point target at any sandboxed vulnerable test app (damn-vulnerable-llm-agent, ai-goat, dvwa, juice-shop, ...).