trident-tui 0.8.3

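--- a/package/README.md
+++ b/package/README.md
@@ -0,0 +1,35 @@
+ # trident-tui
+
+ **Trident** — an AI penetration-testing agent you can run with one command, no source checkout required:
+
+ ```bash
+ npx trident-tui
+ ```
+
+ On first run it:
+
+ 1. installs [`uv`](https://docs.astral.sh/uv/) (a fast Python manager) if you don't have it,
+ 2. pulls the Docker sandbox image,
+ 3. opens a **Configure LLM** screen where you paste your model (e.g. `anthropic/claude-sonnet-4-6`) and **API key** — saved to `~/.strix/cli-config.json`, so you only do it once.
+
+ Then scan something:
+
+ ```bash
+ npx trident-tui --target https://example.com
+ npx trident-tui --target ./my-project
+ npx trident-tui --help
+ ```
+
+ ## Requirements
+
+ - **Docker** (running) — the security tools execute inside a sandbox container. Install Docker Desktop: https://docs.docker.com/get-docker/
+ - Node.js ≥ 16 (for the `npx` launcher)
+ - Everything else (Python, dependencies) is handled automatically by `uv`.
+
+ > Only test systems you own or are explicitly authorized to test.
+
+ ## How it works
+
+ This package bundles Trident as a Python wheel (`vendor/*.whl`). The `npx` launcher
+ boots it via `uv` and hands off to the `trident` CLI. No API keys are bundled — you
+ provide your own on first run.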
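--- a/package/bin/cli.js
+++ b/package/bin/cli.js
@@ -0,0 +1,136 @@
+ #!/usr/bin/env node
+ /*
+ * Trident launcher for `npx trident-pentest`.
+ *
+ * Trident itself is a Python tool. This Node launcher makes it runnable with a
+ * single `npx` command and NO source checkout:
+ * 1. ensures `uv` (a fast Python manager) is installed,
+ * 2. pre-pulls the Docker sandbox image (reliable, via the docker CLI),
+ * 3. runs Trident straight from the bundled wheel in ./vendor.
+ *
+ * On first run Trident opens a "Configure LLM" screen and asks for your model
+ * (e.g. anthropic/claude-sonnet-4-6) and API key. Settings are saved to
+ * ~/.strix/cli-config.json so you only enter them once.
+ *
+ * Docker is required (the security tools run inside a sandbox container).
+ */
+ 'use strict';
+
+ const { spawnSync } = require('child_process');
+ const fs = require('fs');
+ const os = require('os');
+ const path = require('path');
+
+ const SANDBOX_IMAGE = 'ghcr.io/usestrix/strix-sandbox:0.1.13';
+ const isWin = process.platform === 'win32';
+ const HOME = os.homedir();
+ const LOCAL_BIN = path.join(HOME, '.local', 'bin');
+
+ function log(msg) {
+ process.stdout.write(msg + '\n');
+ }
+
+ // Resolve a command on PATH; returns its path or null.
+ function commandPath(cmd) {
+ const finder = isWin ? 'where' : 'which';
+ const r = spawnSync(finder, [cmd], { encoding: 'utf8' });
+ if (r.status === 0 && r.stdout) {
+ return r.stdout.split(/\r?\n/)[0].trim();
+ }
+ return null;
+ }
+
+ function resolveUv() {
+ if (commandPath('uv')) return 'uv';
+ const local = path.join(LOCAL_BIN, isWin ? 'uv.exe' : 'uv');
+ if (fs.existsSync(local)) return local;
+ return null;
+ }
+
+ function installUv() {
+ log('Installing uv (one-time)...');
+ let r;
+ if (isWin) {
+ r = spawnSync(
+ 'powershell',
+ ['-NoProfile', '-ExecutionPolicy', 'Bypass', '-Command', 'irm https://astral.sh/uv/install.ps1 | iex'],
+ { stdio: 'inherit' }
+ );
+ } else {
+ r = spawnSync('sh', ['-c', 'curl -LsSf https://astral.sh/uv/install.sh | sh'], { stdio: 'inherit' });
+ }
+ return r.status === 0;
+ }
+
+ function ensureUv() {
+ let uv = resolveUv();
+ if (uv) return uv;
+ if (!installUv()) return null;
+ // make the freshly-installed uv visible to this process
+ process.env.PATH = LOCAL_BIN + path.delimiter + (process.env.PATH || '');
+ return resolveUv();
+ }
+
+ function findWheel() {
+ const vendor = path.join(__dirname, '..', 'vendor');
+ let files = [];
+ try {
+ files = fs.readdirSync(vendor).filter((f) => f.endsWith('.whl'));
+ } catch (e) {
+ return null;
+ }
+ return files.length ? path.join(vendor, files[0]) : null;
+ }
+
+ // Pre-pull the sandbox image with the docker CLI. This is far more reliable
+ // than letting the Python SDK stream the pull on first run (esp. on Windows).
+ function prePullImage() {
+ if (!commandPath('docker')) {
+ log('');
+ log('[!] Docker not found — Trident runs every scan inside a Docker sandbox.');
+ log(' Install Docker Desktop, then run this again: https://docs.docker.com/get-docker/');
+ log('');
+ return;
+ }
+ if (spawnSync('docker', ['info'], { stdio: 'ignore' }).status !== 0) {
+ log('');
+ log('[!] Docker is installed but not running. Start Docker Desktop, then run this again.');
+ log('');
+ return;
+ }
+ if (spawnSync('docker', ['image', 'inspect', SANDBOX_IMAGE], { stdio: 'ignore' }).status === 0) {
+ log('[ok] Docker sandbox image already present.');
+ return;
+ }
+ log('Downloading the Docker sandbox image (one-time, a few GB)...');
+ const r = spawnSync('docker', ['pull', SANDBOX_IMAGE], { stdio: 'inherit' });
+ if (r.status === 0) log('[ok] Sandbox image downloaded.');
+ else log('[!] Could not pull the image now; Trident will retry on your first scan.');
+ }
+
+ function main() {
+ log('');
+ log(' Trident - AI penetration-testing agent');
+ log('');
+
+ const uv = ensureUv();
+ if (!uv) {
+ log('[x] Could not find or install uv. Install it manually: https://docs.astral.sh/uv/getting-started/installation/');
+ process.exit(1);
+ }
+
+ const wheel = findWheel();
+ if (!wheel) {
+ log('[x] Bundled Trident package (vendor/*.whl) is missing from this install.');
+ process.exit(1);
+ }
+
+ prePullImage();
+
+ // Hand off to the Python CLI. First run prompts for the model + API key.
+ const args = process.argv.slice(2);
+ const r = spawnSync(uv, ['tool', 'run', '--from', wheel, 'trident', ...args], { stdio: 'inherit' });
+ process.exit(r.status === null ? 1 : r.status);
+ }
+
+ main();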
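Review bot: installUv() executes a remote installer without pinning or verifying it: `curl -LsSf https://astral.sh/uv/install.sh | sh` on POSIX and `irm https://astral.sh/uv/install.ps1 | iex` under `-ExecutionPolicy Bypass` on Windows run whatever that host serves at launch time with the user's privileges, and ensureUv() triggers this automatically without asking. At minimum pin the installer to a released version, e.g. `curl -LsSf https://astral.sh/uv/<PINNED_VERSION>/install.sh | sh`, and preferably download it to a temporary file, compare its SHA-256 with a value shipped in this package, and only then execute it, or print the manual install link and exit as main() already does on failure. The same concern applies to `SANDBOX_IMAGE`, which is pinned by the mutable tag `:0.1.13` rather than an immutable `@sha256:` digest, and to findWheel(), which hands the first `*.whl` found in `vendor/` to `uv tool run` without an integrity check. The header comment also names `npx trident-pentest`, while the package and README use `trident-tui`.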
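--- a/package/package.json
+++ b/package/package.json
@@ -0,0 +1,33 @@
+ {
+ "name": "trident-tui",
+ "version": "0.8.3",
+ "description": "Trident — AI penetration-testing agent. Run it with `npx trident-tui`; it bootstraps everything and prompts for your API key.",
+ "bin": {
+ "trident-tui": "bin/cli.js"
+ },
+ "files": [
+ "bin/",
+ "vendor/",
+ "README.md"
+ ],
+ "engines": {
+ "node": ">=16"
+ },
+ "keywords": [
+ "security",
+ "pentest",
+ "penetration-testing",
+ "vulnerability",
+ "scanner",
+ "ai",
+ "agent",
+ "cli",
+ "trident"
+ ],
+ "license": "Apache-2.0",
+ "preferGlobal": true,
+ "repository": {
+ "type": "git",
+ "url": "git+https://github.com/esprit-labs/trident-web-pentesting.git"
+ }
+ }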