feat: bump cli-extension-ai-redteam to 17f3df

Bump cli-extension-ai-redteam to latest (17f3df) which adds profiles
support, --goals flag, --list-profiles/--list-goals, and minired report
endpoint. Add acceptance tests for new flags and update fake server with
profiles, goals, and report mock endpoints.

Author: pkey

cliv2/go.mod

@@ -12,7 +12,7 @@ require (
 	github.com/rs/zerolog v1.34.0
 	github.com/snyk/cli-extension-agent-scan v0.0.0-20260312152423-bc36193ecaa8
 	github.com/snyk/cli-extension-ai-bom v0.0.0-20260303103300-ea9a5a717cbb
-	github.com/snyk/cli-extension-ai-redteam v0.0.0-20260317121319-02ae8e6ef872
+	github.com/snyk/cli-extension-ai-redteam v0.0.0-20260318130934-17f3df38ef08
 	github.com/snyk/cli-extension-dep-graph v0.27.0
 	github.com/snyk/cli-extension-iac v0.0.0-20260206082514-00c443ccee80
 	github.com/snyk/cli-extension-iac-rules v0.0.0-20260206080712-9cbb5f95465d

cliv2/go.sum

@@ -539,8 +539,8 @@ github.com/snyk/cli-extension-agent-scan v0.0.0-20260312152423-bc36193ecaa8 h1:K
 github.com/snyk/cli-extension-agent-scan v0.0.0-20260312152423-bc36193ecaa8/go.mod h1:+Znlgu2v7sOTNAVjsoldFjDZUIo8tpdKnFlMptZHzz0=
 github.com/snyk/cli-extension-ai-bom v0.0.0-20260303103300-ea9a5a717cbb h1:ZgBgiMMtY8XK8WJZpmnlt08wKPMitDEU1TS99OK+k8A=
 github.com/snyk/cli-extension-ai-bom v0.0.0-20260303103300-ea9a5a717cbb/go.mod h1:eIq61+KliPjLwhaAZT87FfeyfK/4mJaGP0wqyFtf8pQ=
-github.com/snyk/cli-extension-ai-redteam v0.0.0-20260317121319-02ae8e6ef872 h1:xH4Cy3LXrujMKO4rjo5qSwoTfvl9ueUKz2HatUeUnoY=
-github.com/snyk/cli-extension-ai-redteam v0.0.0-20260317121319-02ae8e6ef872/go.mod h1:445d735F53IuegetHs/S4GyWyng4Crd9TPj4vosmFmM=
+github.com/snyk/cli-extension-ai-redteam v0.0.0-20260318130934-17f3df38ef08 h1:TAmwolZvbV0D1oUkaQwKYLr7sdywC57/GwI45hip7PE=
+github.com/snyk/cli-extension-ai-redteam v0.0.0-20260318130934-17f3df38ef08/go.mod h1:445d735F53IuegetHs/S4GyWyng4Crd9TPj4vosmFmM=
 github.com/snyk/cli-extension-dep-graph v0.27.0 h1:yVy/QFeKdQUVL0PHZtPDSTk7icY2QrQPGKPjMFoCJwQ=
 github.com/snyk/cli-extension-dep-graph v0.27.0/go.mod h1:JQ37TXutjFa585Ocak1jfBRN6+QPppmFIlJ6+nrfgaY=
 github.com/snyk/cli-extension-iac v0.0.0-20260206082514-00c443ccee80 h1:JHbnSkgGc2oUejjzdWdeTghl0BZV7QamcRuyh7ornVo=

package-lock.json

@@ -848,6 +848,51 @@ export const fakeServer = (basePath: string, snykToken: string): FakeServer => {
     });
   });
 
+  // Red team enumeration routes
+  app.get(['/api/hidden/profiles', '/api/v1/hidden/profiles'], (_req, res) => {
+    res.json([
+      {
+        id: 'fast',
+        name: 'Fast',
+        description: 'Quick scan with a small set of attacks',
+        entries: [
+          { goal: 'system_prompt_extraction', strategy: 'directly_asking' },
+          { goal: 'prompt_injection', strategy: 'encoding_based' },
+        ],
+      },
+      {
+        id: 'security',
+        name: 'Security',
+        description: 'Comprehensive security-focused scan',
+        entries: [
+          { goal: 'system_prompt_extraction', strategy: 'directly_asking' },
+          { goal: 'prompt_injection', strategy: 'encoding_based' },
+          { goal: 'pii_extraction' },
+        ],
+      },
+    ]);
+  });
+
+  app.get('/api/hidden/goals', (_req, res) => {
+    res.json([
+      {
+        value: 'system_prompt_extraction',
+        description: 'Attempt to extract the system prompt',
+        display_order: 1,
+      },
+      {
+        value: 'prompt_injection',
+        description: 'Attempt prompt injection attacks',
+        display_order: 2,
+      },
+      {
+        value: 'pii_extraction',
+        description: 'Attempt to extract PII data',
+        display_order: 3,
+      },
+    ]);
+  });
+
   // Red team control server routes
   app.post(
     '/api/hidden/tenants/:tenantId/red_team_scans',
@@ -918,6 +963,56 @@ export const fakeServer = (basePath: string, snykToken: string): FakeServer => {
     },
   );
 
+  app.get(
+    '/api/hidden/tenants/:tenantId/red_team_scans/:id/report',
+    (req, res) => {
+      res.json({
+        id: req.params.id,
+        results: [
+          {
+            id: 'result-1',
+            severity: 'high',
+            definition: {
+              id: 'system-prompt-exfiltration',
+              name: 'System Prompt Exfiltration',
+              description:
+                'The system prompt was successfully extracted from the target.',
+            },
+            evidence: {
+              type: 'chat_transcript',
+              content: {
+                reason: 'The target revealed its system prompt when asked directly.',
+              },
+            },
+            url: 'https://example.com/vuln/1',
+          },
+        ],
+        summary: {
+          vulnerabilities: [
+            {
+              engine_tag: 'system-prompt-exfiltration/directly_asking',
+              slug: 'system-prompt-exfiltration',
+              name: 'System Prompt Exfiltration',
+              description: 'The system prompt was extracted.',
+              severity: 'high',
+              status: 'vulnerable',
+              vulnerable: true,
+            },
+            {
+              engine_tag: 'prompt-injection/encoding_based',
+              slug: 'prompt-injection',
+              name: 'Prompt Injection',
+              description: 'Prompt injection attack.',
+              severity: 'medium',
+              status: 'not_vulnerable',
+              vulnerable: false,
+            },
+          ],
+        },
+      });
+    },
+  );
+
   app.get(
     '/api/hidden/tenants/:tenantId/red_team_scans/:id',
     (req, res) => {

test/acceptance/fake-server.ts

@@ -86,7 +86,9 @@ describe('snyk redteam (mocked servers only)', () => {
       SNYK_TOKEN: '123456789',
       SNYK_DISABLE_ANALYTICS: '1',
       SNYK_CFG_ORG: tenantId,
-      CONTROL_SERVER_URL: serverBase,
+      SNYK_OAUTH_TOKEN: '',
+      INTERNAL_OAUTH_TOKEN_STORAGE: '',
+      XDG_CONFIG_HOME: mkdtempSync(join(tmpdir(), 'snyk-config-')),
     };
   });
 
@@ -126,19 +128,20 @@ describe('snyk redteam (mocked servers only)', () => {
     const scanPath = `/api/hidden/tenants/${tenantId}/red_team_scans`;
     const redteamRequests = server
       .getRequests()
-      .filter((req) => req.url?.includes('/red_team_scans'))
+      .filter((req) => req.url?.includes('/red_team_scans') || req.url?.includes('/hidden/profiles'))
       .map((req) => ({
         method: req.method,
         path: req.url?.split('?')[0],
       }));
 
     expect(redteamRequests).toEqual([
+      { method: 'GET', path: '/api/hidden/profiles' },            // resolve default profile
       { method: 'POST', path: scanPath },                         // create scan
       { method: 'POST', path: `${scanPath}/${scanId}/next` },     // get prompts (returns 1 chat)
       { method: 'GET', path: `${scanPath}/${scanId}/status` },    // progress update
       { method: 'POST', path: `${scanPath}/${scanId}/next` },     // get prompts (returns empty, loop ends)
       { method: 'GET', path: `${scanPath}/${scanId}/status` },    // final progress
-      { method: 'GET', path: `${scanPath}/${scanId}` },           // fetch result
+      { method: 'GET', path: `${scanPath}/${scanId}/report` },    // fetch report
     ]);
 
     expect(report).toMatchObject({
@@ -430,4 +433,80 @@ describe('snyk redteam (mocked servers only)', () => {
     expect(result).toHaveExitCode(2);
     expect(result.stdout).toContain('not a valid UUID');
   });
+
+  test('`redteam --list-profiles` lists available profiles', async () => {
+    const result = await runSnykCLI(
+      `redteam --experimental --list-profiles`,
+      {
+        env,
+      },
+    );
+    expect(result).toHaveExitCode(0);
+    expect(result.stdout).toContain('Available profiles');
+    expect(result.stdout).toContain('fast');
+    expect(result.stdout).toContain('security');
+  });
+
+  test('`redteam --list-goals` lists available goals', async () => {
+    const result = await runSnykCLI(
+      `redteam --experimental --list-goals`,
+      {
+        env,
+      },
+    );
+    expect(result).toHaveExitCode(0);
+    expect(result.stdout).toContain('Available goals');
+    expect(result.stdout).toContain('system_prompt_extraction');
+    expect(result.stdout).toContain('prompt_injection');
+  });
+
+  test('`redteam --goals` runs scan with specified goals', async () => {
+    const result = await runSnykCLI(
+      `redteam --config=${redteamTarget} --experimental --tenant-id=${tenantId} --target-url=${targetURL} --goals=system_prompt_extraction`,
+      {
+        env,
+      },
+    );
+    expect(result).toHaveExitCode(0);
+
+    let report: any;
+    expect(() => {
+      report = JSON.parse(extractJSON(result.stdout));
+    }).not.toThrow();
+    expect(report.id).toBeDefined();
+    expect(report.results).toBeDefined();
+
+    const requests = server
+      .getRequests()
+      .filter((req) => req.url?.includes('/hidden/profiles'));
+    expect(requests).toHaveLength(0);
+  });
+
+  test('`redteam --profile` runs scan with specified profile', async () => {
+    const result = await runSnykCLI(
+      `redteam --config=${redteamTarget} --experimental --tenant-id=${tenantId} --target-url=${targetURL} --profile=security`,
+      {
+        env,
+      },
+    );
+    expect(result).toHaveExitCode(0);
+
+    let report: any;
+    expect(() => {
+      report = JSON.parse(extractJSON(result.stdout));
+    }).not.toThrow();
+    expect(report.id).toBeDefined();
+    expect(report.results).toBeDefined();
+  });
+
+  test('`redteam --goals --profile` fails with both flags', async () => {
+    const result = await runSnykCLI(
+      `redteam --config=${redteamTarget} --experimental --tenant-id=${tenantId} --target-url=${targetURL} --goals=system_prompt_extraction --profile=fast`,
+      {
+        env,
+      },
+    );
+    expect(result).toHaveExitCode(2);
+    expect(result.stdout).toContain('cannot be used together');
+  });
 });