Strategy Configuration
======================

The ``strategy`` node defines the attack implementation used for red-teaming the target system. Strategies are responsible for generating adversarial prompts based on the goals defined earlier, but they can also implement complex interaction patterns, payload encoding, or multi-turn probing logic.

ARES supports both:

- **Single-turn strategies**: These generate one-shot adversarial prompts from goal intents:
    
    - ``DirectRequests``
    - ``HumanJailbreak`` (via plugin)
    - ``Encoding/Decoding`` (via ``ares-garak`` plugin)

- **Multi-turn strategies**: These simulate conversational attacks or iterative probing.
    
    - ``PyRIT Crescendo`` (via plugin)


Basic Configuration
-------------------

Here is an example of a single strategy configuration:

.. code-block:: yaml

   strategy:
     direct_request:
       type: ares.strategies.direct_requests.DirectRequests
       input_path: 'assets/ares_goals.json'  # path to processed goal intents
       output_path: 'assets/direct_request_attacks.json'  # path to save generated attack prompts

Supported out-of-the-box strategy types can be found in the ``strategy`` package. Each strategy module implements a specific attack method, such as direct prompt injection, jailbreak crafting, or token-level manipulation.

Multiple Strategies
-------------------

ARES supports running multiple strategies in a single evaluation. This allows you to test different attack methods against the same target and compare outcomes.

Example:

.. code-block:: yaml

   strategy:
     - direct_request
     - ares_human_jailbreak  # see more in ARES Plugins

This configuration will apply both strategies sequentially to the goal dataset.