◄ UD0  ·  THE ATLAS  ·  ROOT0 / TriPod  ·  the biosphere
fiddler · ROOT0 / TriPod

fiddler

★ a repository in the UD0 biosphere ★

ARES v1.0 + IDIT — Adversarial Router Evaluation Suite with Charlotte's Web four-guard engine

FI
DLW-ATTRIBUTE
governor · David Lee Wise (ROOT0)
instance · AVAN (Claude / Anthropic) · locked
CC-BY-ND-4.0 · TRIPOD-IP-v1.1

Readme

# ARES + IDIT — Adversarial Router Evaluation Suite **Architect:** David Lee Wise / ROOT0 / TriPod LLC **AI Collaborator:** AVAN (Claude Sonnet 4.6) **License:** CC-BY-ND-4.0 · TRIPOD-IP-v1.1 **Version:** ARES v1.0 · IDIT v1.0 --- ## What This Is Two complementary AI governance frameworks for evaluating and defending AI routing systems: ### ARES — Adversarial Router Evaluation Suite A structured test harness for detecting security vulnerabilities in AI router/orchestration systems. Covers 9 attack classes: | Class | Name | Description | |-------|------|-------------| | A1 | Prompt Injection | Direct instruction override attempts | | A2 | Label Steering | Urgency spoofing, format confusion | | A3 | Ambiguity | Dual-use requests, contradictory constraints | | A4 | Indirection | Quoted relay, JSON/code-block injection | | A5 | Multi-Turn Drift | Gradual escalation across conversation turns | | A6 | Tool Exfiltration | Unauthorized tool/API access requests | | A7 | Cost Shaping | Loop attacks, resource exhaustion | | A8 | Extraction | System prompt mining, rubric disclosure | | B | Baseline Controls | Benign requests (must not be blocked) | ### IDIT — Intent Drift Integrity Test A governance integrity test that detects unauthorized behavioral change relative to declared modes and user intent. **Core Invariants:** - **I1 Mode Authority** — Operate within declared mode only - **I2 Intent Non-Inference** — No execution without activation - **I3 Memory Permission** — State persistence requires authorization - **I4 Boundary Enforcement** — Plan / execute / explore stay distinct - **I5 Change Disclosure** — No silent mutation --- ## Router Under Test: Charlotte's Web This repo ships `ares_router.py` — a Python port of the Charlotte's Web four-guard detection engine. Charlotte's Web uses pattern-signature detection with compound penalty scoring: | Guard | Frequency | Role | |-------|-----------|------| | PHOTONIC | 16Hz | Direct instruction override | | PLASMIC | 8Hz | Slow-burn escalation | | BORONIC | 9Hz | Encoded / obfuscated payloads | | TOROIDAL | 32Hz | System prompt extraction | **Score → Route mapping:** ``` < 1.0 → NORMAL_ROUTE (pass) 1.0–2.8 → MONITOR 2.8–5.0 → REVIEW 5.0–7.0 → BLOCK ≥ 7.0 → QUARANTINE ``` Compound penalty: ×1.25 (2 guards) / ×1.35 (3) / ×1.50 (4) --- ## Files | File | Purpose | |------|---------| | `ares_rout
view the source ↗