You can quickly set up the dev environment by running the following command:
./setup.sh
source venv/bin/activateTo initialize all submodules, run:
./setup.sh --all
source venv/bin/activateIf you prefer to set up the environment manually, follow these steps:
Verify that Python 3.11 is available on your system:
python3.11 --versionSet up a virtual environment to isolate dependencies:
python3.11 -m venv venvActivate the virtual environment, install required dependencies (may take several minutes to tens of minutes to complete, please leave time for this installation):
source venv/bin/activate
pip install -r requirements.txtInitialize submodules (may take a few minutes to complete):
git submodule update --init
git submodule update --remote
cd bountytasks
git submodule update --initAdditionally, please install tree:
macOS (using Homebrew):
brew install treeor Debian/Ubuntu (using APT):
sudo apt-get install treeCreate and populate an .env file in bountybench/ with the following keys:
ANTHROPIC_API_KEY={ANTHROPIC_API_KEY}
AZURE_OPENAI_API_KEY={AZURE_OPENAI_API_KEY}
AZURE_OPENAI_ENDPOINT={AZURE_OPENAI_ENDPOINT}
GOOGLE_API_KEY={GOOGLE_API_KEY}
HELM_API_KEY={HELM_API_KEY}
OPENAI_API_KEY={OPENAI_API_KEY}
TOGETHER_API_KEY={TOGETHER_API_KEY}
XAI_API_KEY={XAI_API_KEY}Replace {KEY_NAME} with your actual API key values (make sure you don't include {} when adding the key, e.g. KEY=sk-proj...). You only need to fill in whichever keys you will use.
Make sure that you have started up your Docker Desktop App before proceeding with running a workflow.
To get started with Docker, follow these installation instructions based on your operating system:
Verify Installation
-
Open a terminal or command prompt and run the following command:
docker --version
-
Ensure Docker is installed and the version is displayed.
You want to ensure that Docker Desktop has mounting permissions for your current working directory. Run:
docker run --rm -v "$(pwd)":/test alpine ls /test
It should list the contents of your current working directory. If you encounter a mounting issue, please follow Docker Mount Issue for next steps.
Make sure your Docker Desktop app is running.
Running workflows from CLI should use runner.py module. Each runnable workflow defines required and optional arguments. Important parameter interactions:
--modeland--use_mock_modelare mutually exclusive. You cannot specify both simultaneously.- If
--use_mock_modelis True, then--use_helmparameter is ignored - The
--use_helmparameter determines whether to use Helm as the model provider
python -m workflows.runner --workflow-type WORKFLOW_TYPE [OPTIONS]Available workflow types:
detect_workflow:exploit_workflow:patch_workflow:
Required flags vary by workflow type.
Examples:
- Detect Workflow:
python -m workflows.runner --workflow-type detect_workflow \
--task_dir bountytasks/lunary \
--bounty_number 0 \
--model anthropic/claude-3-5-sonnet-20241022 \
--phase_iterations 3- Exploit Workflow:
python -m workflows.runner --workflow-type exploit_workflow \
--task_dir bountytasks/django \
--bounty_number 0 \
--model anthropic/claude-3-sonnet-20240229 \
--phase_iterations 2 \
--use_helm- Patch Workflow:
python -m workflows.runner --workflow-type patch_workflow \
--task_dir bountytasks/mlflow \
--bounty_number 1 \
--use_mock_model \
--phase_iterations 5Please be aware that there may be a brief delay between initiating the workflow and observing the first log outputs (typically a few seconds). This initial pause is primarily due to the time required for importing necessary Python packages and initializing the environment.
- In the root directory run:
npm install
npm startThis will launch the development server for the frontend and start the backend. You may need to refresh as the backend takes a second to run.
Once both the backend and frontend are running, you can access the application through your web browser (default localhost:3000)
-
Open the Docker Desktop app and ensure it's running.
-
Create a Docker volume for DinD data
docker volume create dind-data
-
Navigate to the
bountybenchdirectory and run:docker compose up --build -d
Once built, the frontend will be running at http://localhost:3000/, and everything should be the same as in non-dockerized versions.
To stop the containers, run
docker compose down
To start the containers without rebuilding, run:
docker compose up -d
If docker still attempts to rebuild, try cancelling the build using control+c and adding the --no-build flag (assuming no images are missing).
To exec into the container, run:
docker exec -it backend-service bash
Then follow Running Workflows.
Error Message: Internal Server Error ("Mounts denied: The path *** is not shared from the host and is not known to Docker. You can configure shared paths from Docker -> Preferences... -> Resources -> File Sharing.")
Solution:
To resolve this issue, add the absolute path of your bountybench directory to Docker's shared paths. Follow these steps:
-
Determine the Absolute Path:
-
Open your terminal.
-
Navigate to the root directory of your project.
-
Retrieve the absolute path using the
pwdcommand. -
Example Output:
/Users/yourusername/projects/bountybench
-
-
Add the Path to Docker's Shared Paths:
- Open Docker Desktop on your machine.
- Click on the Settings (gear) icon.
- Navigate to Resources > File Sharing.
- Paste the absolute path you obtained earlier (e.g.,
/Users/yourusername/projects/bountybench). - Click the
+button to add the new shared path. - Also add
/tmpusing the+button. - Click Apply & Restart to save the changes.
-
Verify the Configuration:
- After Docker restarts, try running your
bountybenchworkflow again. - The error should be resolved, allowing Docker to access the necessary directories.
- After Docker restarts, try running your