FEAT plumb media output through adversarial feedback loop (#6a)

.devcontainer/Dockerfile

@@ -1,28 +1,39 @@
-FROM mcr.microsoft.com/devcontainers/anaconda:3
+FROM --platform=linux/amd64 mcr.microsoft.com/devcontainers/python:3.11
+
+# Makes installation faster
+ENV UV_COMPILE_BYTECODE=1
 
 SHELL ["/bin/bash", "-c"]
 
 USER root
 
+# Remove the Yarn repository (has expired GPG key and we don't use Yarn)
+RUN rm -f /etc/apt/sources.list.d/yarn.list 2>/dev/null || true
+
 # Install required system packages + ODBC prerequisites
 RUN apt-get update && apt-get install -y \
+    sudo \
     unixodbc \
     unixodbc-dev \
-    libgl1-mesa-glx \
+    libgl1 \
+    git \
     curl \
     xdg-utils \
+    build-essential \
  && apt-get clean && rm -rf /var/lib/apt/lists/*
 
 # Install the Azure CLI, Microsoft ODBC Driver 18 & SQL tools
+# Note: Debian Trixie's sqv rejects SHA1 signatures, so we use gpg directly to import the Microsoft key
 RUN apt-get update && apt-get install -y \
       apt-transport-https \
       ca-certificates \
       gnupg \
       lsb-release \
- && curl -sL https://packages.microsoft.com/config/debian/12/packages-microsoft-prod.deb \
-      -o packages-microsoft-prod.deb \
- && dpkg -i packages-microsoft-prod.deb \
- && rm packages-microsoft-prod.deb \
+ && curl -sL https://packages.microsoft.com/keys/microsoft.asc \
+      | gpg --dearmor \
+      > /usr/share/keyrings/microsoft-archive-keyring.gpg \
+ && echo "deb [arch=amd64 signed-by=/usr/share/keyrings/microsoft-archive-keyring.gpg] https://packages.microsoft.com/debian/12/prod bookworm main" \
+      > /etc/apt/sources.list.d/microsoft.list \
  && apt-get update \
  && ACCEPT_EULA=Y apt-get install -y \
       msodbcsql18 \
@@ -41,25 +52,41 @@ RUN apt-get update \
       libpulse0 \
  && rm -rf /var/lib/apt/lists/*
 
-# Create conda env and install pyodbc into it
-RUN conda create -n pyrit-dev python=3.11 -y && \
-    conda install -n pyrit-dev -c conda-forge pyodbc -y && \
-    chown -R vscode:vscode /opt/conda/envs/pyrit-dev
+# Install uv system-wide and create pyrit-dev venv
+RUN curl -LsSf https://astral.sh/uv/install.sh | sh \
+ && mv /root/.local/bin/uv /usr/local/bin/uv \
+ && rm -rf /opt/venv \
+ && uv venv /opt/venv --python 3.11 --prompt pyrit-dev \
+ && chown -R vscode:vscode /opt/venv \
+ && ls -la /opt/venv/bin/activate
+ENV PATH="/opt/venv/bin:$PATH"
+
+# vscode user already exists in the base image, just ensure sudo access
+RUN echo "vscode ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers
+
+# Install Node.js 20.x and npm for frontend development
+RUN curl -fsSL https://deb.nodesource.com/setup_20.x | bash - \
+ && apt-get install -y nodejs \
+ && npm install -g npm@latest \
+ && apt-get clean \
+ && rm -rf /var/lib/apt/lists/*
 
 # Pre-create common user caches and fix permissions
 RUN mkdir -p /home/vscode/.cache/pre-commit \
  && mkdir -p /home/vscode/.vscode-server \
  && mkdir -p /home/vscode/.cache/pip \
- && mkdir -p /home/vscode/.cache/conda \
+ && mkdir -p /home/vscode/.cache/uv \
+ && mkdir -p /home/vscode/.cache/venv \
  && mkdir -p /home/vscode/.cache/pylance \
  && chown -R vscode:vscode /home/vscode/.cache /home/vscode/.vscode-server \
- && chmod -R 777 /home/vscode/.cache/conda /home/vscode/.cache/pip /home/vscode/.cache/pylance /opt/conda/pkgs/cache/ \
+ && chmod -R 777 /home/vscode/.cache/pip /home/vscode/.cache/pylance /home/vscode/.cache/venv /home/vscode/.cache/uv\
  && chmod -R 755 /home/vscode/.vscode-server
 
 USER vscode
-RUN /opt/conda/bin/conda init bash && \
-    echo "conda activate pyrit-dev" >> /home/vscode/.bashrc
-RUN echo "source /opt/conda/etc/profile.d/conda.sh && conda activate pyrit-dev" >> /home/vscode/.bash_profile
+# Create bash configuration files and activate the venv in bash sessions
+RUN touch /home/vscode/.bashrc /home/vscode/.bash_profile \
+ && echo "[ -f /opt/venv/bin/activate ] && source /opt/venv/bin/activate" >> /home/vscode/.bashrc \
+ && echo "[ -f /opt/venv/bin/activate ] && source /opt/venv/bin/activate" >> /home/vscode/.bash_profile
 
 # Configure Git for better performance with bind mounts
 RUN git config --global core.preloadindex true \
@@ -68,5 +95,6 @@ RUN git config --global core.preloadindex true \
  && git config --global status.showUntrackedFiles all \
  && git config --global core.fsmonitor true
 
-# Set pip’s cache directory so it can be mounted
+ # Set cache directories so they can be mounted
 ENV PIP_CACHE_DIR="/home/vscode/.cache/pip"
+ENV UV_CACHE_DIR="/home/vscode/.cache/uv"

.devcontainer/devcontainer.json

@@ -7,10 +7,12 @@
   "containerEnv": {
     "PYTHONPATH": "/workspace"
   },
+  "containerUser": "vscode",
   "customizations": {
     "vscode": {
       "settings": {
-        "python.defaultInterpreterPath": "/opt/conda/envs/pyrit-dev/bin/python",
+        "terminal.integrated.defaultProfile.linux": "bash",
+        "python.defaultInterpreterPath": "/opt/venv/bin/python",
         "python.analysis.extraPaths": [
           "/workspace"
         ],
@@ -31,7 +33,7 @@
           "pyrit/**"
         ],
         "python.analysis.exclude": [
-          "/opt/conda/envs/**",
+          "/opt/venv/**",
           "**/.venv/**",
           "**/site-packages/**",
           "**/doc/**",
@@ -50,7 +52,10 @@
           "**/dist/**": true,
           "**/pyrit/auxiliary_attacks/gcg/attack/**": true,
           "**/doc/**": true,
-          "**/.mypy_cache/**": true
+          "**/.mypy_cache/**": true,
+          "**/frontend/node_modules/**": true,
+          "**/frontend/dist/**": true,
+          "**/dbdata/**": true
         },
         "search.exclude": {
           "**/node_modules": true,
@@ -66,7 +71,7 @@
           "**/build": true,
           "**/__pycache__": true
         },
-        "explorer.autoReveal": false,
+        "explorer.autoReveal": true,
         "files.maxMemoryForLargeFilesMB": 4096,
         "files.useExperimentalFileWatcher": true,
         "git.showUntrackedFiles": true
@@ -75,10 +80,14 @@
         "ms-python.python",
         "ms-toolsai.jupyter",
         "ms-azuretools.vscode-docker",
-        "tamasfe.even-better-toml"
+        "tamasfe.even-better-toml",
+        "dbaeumer.vscode-eslint",
+        "esbenp.prettier-vscode",
+        "ms-playwright.playwright",
+        "orta.vscode-jest"
       ]
     }
   },
   "postCreateCommand": "/bin/bash -i .devcontainer/devcontainer_setup.sh",
-  "forwardPorts": [4213, 5000, 8888]
+  "forwardPorts": [3000, 4213, 5000, 8000, 8888]
 }

.devcontainer/devcontainer_setup.sh

@@ -2,6 +2,7 @@
 set -e
 
 MYPY_CACHE="/workspace/.mypy_cache"
+VIRTUAL_ENV="/opt/venv"
 # Create the mypy cache directory if it doesn't exist
 if [ ! -d "$MYPY_CACHE" ]; then
     echo "Creating mypy cache directory..."
@@ -30,16 +31,11 @@ fi
 sudo rm -rf /vscode/vscode-server/extensionsCache/github.copilot-*
 rm -rf /home/vscode/.vscode-server/extensions/{*,.[!.]*,..?*}
 
-# Path to store the hash
-HASH_FILE="/home/vscode/.cache/pip/pyproject_hash"
+# Activate the uv venv created in the Dockerfile
+source /opt/venv/bin/activate
 
-# Make sure the hash file is writable if it exists; if not, it will be created
-if [ -f "$HASH_FILE" ]; then
-    chmod 666 "$HASH_FILE"
-fi
-
-source /opt/conda/etc/profile.d/conda.sh
-conda activate pyrit-dev
+# Store hash inside venv so it's tied to the venv lifecycle
+HASH_FILE="/opt/venv/pyproject_hash"
 
 # Compute current hash
 CURRENT_HASH=$(sha256sum /workspace/pyproject.toml | awk '{print $1}')
@@ -49,13 +45,43 @@ if [ ! -f "$HASH_FILE" ] || [ "$(cat $HASH_FILE)" != "$CURRENT_HASH" ]; then
     echo "📦 pyproject.toml has changed, installing environment..."
 
     # Install dependencies
-    conda install ipykernel -y
-    pip install -e '.[dev,all]'
+    uv pip install ipykernel
+    uv pip install -e ".[dev,all]"
+    # Register the kernel with Jupyter
+    python -m ipykernel install --user --name=pyrit-dev --display-name="Python (pyrit-dev)"
 
     # Save the new hash
     echo "$CURRENT_HASH" > "$HASH_FILE"
 else
     echo "✅ pyproject.toml has not changed, skipping installation."
 fi
 
+# Install frontend dependencies
+echo "📦 Installing frontend dependencies..."
+
+# Fix node_modules permissions (volume is owned by root)
+if [ -d "/workspace/frontend/node_modules" ]; then
+    echo "Fixing node_modules permissions..."
+    sudo chown -R vscode:vscode /workspace/frontend/node_modules
+fi
+
+cd /workspace/frontend
+if [ -f "package.json" ]; then
+    npm install
+
+    # Install Playwright browsers and system dependencies for E2E testing
+    echo "📦 Installing Playwright browsers..."
+
+    # Remove third-party repos with SHA1 signature issues (rejected since 2026-02-01)
+    # Playwright deps come from Debian main repos, these aren't needed
+    sudo rm -f /etc/apt/sources.list.d/yarn.list \
+               /etc/apt/sources.list.d/nodesource.list \
+               /etc/apt/sources.list.d/microsoft.list 2>/dev/null || true
+
+    npx playwright install --with-deps chromium
+
+    echo "✅ Frontend dependencies installed."
+fi
+cd /workspace
+
 echo "🚀 Dev container setup complete!"

.devcontainer/docker-compose.yml

@@ -1,5 +1,6 @@
 services:
   devcontainer:
+    platform: linux/amd64
     build:
       context: ..
       dockerfile: .devcontainer/Dockerfile
@@ -10,22 +11,23 @@ services:
           memory: "16G"
     volumes:
       - ..:/workspace:delegated
-      - pyrit-env:/opt/conda/envs/pyrit-dev:cached
       - pip-cache:/home/vscode/.cache/pip:cached
+      - uv-cache:/home/vscode/.cache/uv:cached
       - precommit-cache:/home/vscode/.cache/pre-commit:cached
-      - conda-cache:/home/vscode/.cache/conda:cached
       - mypy-cache:/workspace/.mypy_cache:cached
       - pylance-cache:/home/vscode/.cache/pylance:cached
+      - node-modules:/workspace/frontend/node_modules:cached
+      - ~/.pyrit:/home/vscode/.pyrit:cached
     network_mode: "host"
     # Note: ports section is not needed with host network mode
     # The container will have direct access to all host network interfaces
     # Keep the container running so the post-create command can execute.
     command: "sleep infinity"
 
 volumes:
-  pyrit-env:
   pip-cache:
+  uv-cache:
   precommit-cache:
-  conda-cache:
   mypy-cache:
   pylance-cache:
+  node-modules:

.dockerignore

@@ -15,3 +15,30 @@ build/
 **/*$py.class
 **/.pytest_cache/
 **/.mypy_cache/
+
+# Environment files with secrets
+.env
+.env.*
+*.env
+
+# Database files with conversation history
+dbdata/
+results/
+default_memory.json.memory
+*.db
+*.sqlite
+
+# Azure and other credentials
+.azure/
+*.pem
+*.key
+*.pfx
+*.p12
+
+# Frontend build artifacts (will be built inside Docker)
+frontend/node_modules/
+frontend/dist/
+frontend/.vite/
+
+# Backend frontend directory (generated during packaging)
+pyrit/backend/frontend/