Implement OpenAIResponsesGenerator

[ABeltramo]

Implements a new OpenAI compatible generator OpenAIResponsesGenerator that uses the responses API instead of ChatCompletion.

This started as way to run Agent Breaker against agents that support the responses API, but I think it's valuable as a standalone Generator for any probe.
I'm currently storing the returned tool calls as Message notes, mainly so that I can do manual inspection of the attempts in the report.jsonl file. Ideally, I think there should be a generic mechanism for storing those so that detectors can pick those up properly. Probably outside the scope for this PR, just wanted to know if you already have a direction for integrating tool calling into Garak.

Verification

The new Generator can be used like others OpenAI compatible generators, ex:

  generators:
    openai:
      OpenAIResponsesGenerator:
        uri: http://localhost:1234/v1/
        api_key: dummy 
        tools:
          - type: mcp
            server_label: mcp_server
            server_url: http://localhost:8888/sse
            require_approval: "never"

[jmartin-tech]

This PR looks pretty useful, the new formats are something we are seeing more middle layers starting to mimic.

Some overall asks:

• Please rebase this on main and adjust the PR target.
• Given the comments made here about OpenAICompatible this might be functionality that has value in finding a way to integrate there.

[jmartin-tech]

This should probably extend OpenAICompatible or possibly be integrated into that class.

If kept separate, I would even go as far as suggesting this should be OpenAIReponsesCompatible as the intent described in the description suggests usage with any service that supports the Responses APi.

[jmartin-tech]

This needs first class support, reasoning traces are additional data that garak needs to start gathering during the inference phase. As a first to support view I could see storing them as notes on the message but I don't think we should land them as an alternative value collected like this option suggests would be possible.

While is suspect the intent of making this a list is to gather both the option to not include messages becomes implied as valid, I am suggesting that should not be the case.

[jmartin-tech]

This value should map to max_tokens. Since this generator is targeting the responses API this class should promote the garak standard generator option of max_tokens to be max_output_tokens during __init__ of this class instead of exposing max_output_tokens.

I understand this diverges from how OpenAIReasoningGenerator handled max_completion_tokens, however the evolution of how max_tokens is treated needs to standardize.

[jmartin-tech]

No need to support string here, all prompts must be of type Conversation at this time.

Suggested change

	def _build_input(prompt: Union[Conversation, str]):
	def _build_input(prompt: Conversation):

[jmartin-tech]

Merging message text and reasoning text without may marker to delineate between them is not viable. Reasoning either needs to be stored separately or enclosed in something like the <think></think> tag from legacy APIs to ensure garak can properly exclude reasoning from the responses.

[jmartin-tech]

While I understand the format is different here, _extract_system_prompt and _build_input do not take into account additional input modalities supported by the Responses API that are already incorporated in OpenAICompatible._conversation_to_list(). This can be refactored to share that ETL process and enable this generator to support the additional input modalities.

[jmartin-tech]

The Configurable class handles ENV_VAR support no need set here. Also _load_unsafe() should be called after all initialization and validation has completed.

Suggested change

	self.key_env_var = self.ENV_VAR
	self._load_unsafe()
	super().__init__(self.name, config_root=config_root)
	super().__init__(self.name, config_root=config_root)
	self._load_unsafe()