refactor LatentInjection

[leondz]

The LatentInjection module had an overly complex inheritance graph.

This is updated to use mixins, as follows:

• LatentInjectionMixin - retained; used in all probes; adds tags, detector, methods for assembling prompts & triggers
• NonFullMixin - used to map Full probes to standard (i.e. lightweight) versions
• TranslationMixin - templates and assembly for translation-based injections
• FactSnippetMixin - docs, instructions, injections, and assembly for fact snippet-based instructions

LatentWhoisSnippet took a heavy refactoring; previously inherited on LatentInjectionFactSnippetEiffelFull, now inherits LatentWhois and FactSnippetMixin

Verification

• python -m pytest tests/probes/test_probes_latentinjection.py (this should pass solo without config fixtures being loaded)
• python -m pytest tests/probes/test_probes.py
• Check that prompts from each probe correspond to the intended attack
• Check that probes have the correct active True/False depending on their size

[mrowebot]

LGTM 👍

[jmartin-tech]

Testing shows this changed the prompt count for LatentWhoisSnippet, looking closer into why.

From 0.10.3.1

latentinjection.LatentWhois                                                 base.TriggerListDetector: PASS  ok on   28/  28
latentinjection.LatentWhoisSnippet                                          base.TriggerListDetector: PASS  ok on   32/  32

On main @ 55da36b

latentinjection.LatentWhois                                                 base.TriggerListDetector: PASS  ok on   28/  28
latentinjection.LatentWhoisSnippet                                          base.TriggerListDetector: PASS  ok on   32/  32

This PR branch:

latentinjection.LatentWhois                                                 base.TriggerListDetector: PASS  ok on   28/  28
latentinjection.LatentWhoisSnippet                                          base.TriggerListDetector: PASS  ok on  256/ 256

I suspect this is not an expected change.

[leondz]

Thanks, good catch. I believe the randomisation logic changed for this probe to be more in line with common practice in garak, rather than predicated on generations, so I think some change is likely if that happens to be the cause.

[jmartin-tech]

Review of LatentWhoisSnippet shows the permutations selected are consistent but not identical to previous prompts. The application of soft_prompt_cap as a limiter in the Full version is part of the reason in testing no identical prompts were found.

This can land as is, however I made some minor comments related to this unexpected usage of soft_prompt_cap in Full probes and that some for the application of FactSnippitMixin seems spurious which make continue to make this module difficult to maintain.

[jmartin-tech]

Optional, this does not look be needed, nothing is being inherited from FactSnippetMixin.

FactSnippetMixin.injection_instructions is still accessible as written in line 602 if this is removed.

Suggested change

	class LatentWhoisSnippetFull(FactSnippetMixin, LatentWhois):
	class LatentWhoisSnippetFull(LatentWhois):

[leondz]

Snippet building needs refactoring anyway after the current fix in #1181 - will update that PR and then it should be processed directly after this one.

[leondz]

on second thoughts:

• will leave this inheritance to express intent
• bugfix: reduce latent optimisation permutation explosion #1181 creeps if it addresses this
• will pick up in later refactor-only PR that needn't block recalibration

[leondz]

Review of LatentWhoisSnippet shows the permutations selected are consistent but not identical to previous prompts

Sounds like expected behaviour - both are intentionally sampling rather than using whole population. Good it's consistent. Tests based on validation learnings welcome