strix-agent 0.1.17__tar.gz → 0.1.19__tar.gz

{strix_agent-0.1.17 → strix_agent-0.1.19}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.3
 Name: strix-agent
-Version: 0.1.17
+Version: 0.1.19
 Summary: Open-source AI Hackers for your apps
 License: Apache-2.0
 Keywords: cybersecurity,security,vulnerability,scanner,pentest,agent,ai,cli
@@ -44,10 +44,11 @@ Description-Content-Type: text/markdown
 
 ### Open-source AI hackers for your apps
 
+[![Strix](https://img.shields.io/badge/Strix-usestrix.com-1a1a1a.svg)](https://usestrix.com)
 [![Apache 2.0](https://img.shields.io/badge/license-Apache%202.0-blue.svg)](LICENSE)
-[![Vercel AI Accelerator 2025](https://img.shields.io/badge/Vercel%20AI-Accelerator%202025-000000?style=flat&logo=vercel)](https://vercel.com/ai-accelerator)
-[![Status: Alpha](https://img.shields.io/badge/status-alpha-orange.svg)](https://github.com/usestrix/strix)
-
+[![Discord](https://img.shields.io/badge/Discord-join-5865F2?logo=discord&logoColor=white)](https://discord.gg/yduEyduBsp)
+[![PyPI Downloads](https://static.pepy.tech/personalized-badge/strix-agent?period=total&units=INTERNATIONAL_SYSTEM&left_color=GRAY&right_color=BLACK&left_text=Downloads)](https://pepy.tech/projects/strix-agent)
+[![GitHub stars](https://img.shields.io/github/stars/usestrix/strix.svg?style=social&label=Star)](https://github.com/usestrix/strix)
 </div>
 
 <div align="center">
@@ -60,8 +61,30 @@ Description-Content-Type: text/markdown
 
 Strix are autonomous AI agents that act just like real hackers - they run your code dynamically, find vulnerabilities, and validate them through actual exploitation. Built for developers and security teams who need fast, accurate security testing without the overhead of manual pentesting or the false positives of static analysis tools.
 
+- **Full hacker toolkit** out of the box
+- **Teams of agents** that collaborate and scale
+- **Real validation** via exploitation and PoC, not false positives
+- **Developer‑first** CLI with actionable reports
+- **Auto‑fix & reporting** to accelerate remediation
+
+---
+
+### 🎯 Use Cases
+
+- Detect and validate critical vulnerabilities in your applications.
+- Get penetration tests done in hours, not weeks, with compliance reports.
+- Automate bug bounty research and generate PoCs for faster reporting.
+- Run tests in CI/CD to block vulnerabilities before reaching production.
+
+---
+
 ### 🚀 Quick Start
 
+Prerequisites:
+- Docker (running)
+- Python 3.12+
+- An LLM provider key (or a local LLM)
+
 ```bash
 # Install
 pipx install strix-agent
@@ -74,12 +97,11 @@ export LLM_API_KEY="your-api-key"
 strix --target ./app-directory
 ```
 
-## Why Use Strix
+First run pulls the sandbox Docker image. Results are saved under `agent_runs/<run-name>`.
+
+### ☁️ Cloud Hosted
 
-- **Full Hacker Arsenal** - All the tools a professional hacker needs, built into the agents
-- **Real Validation** - Dynamic testing and actual exploitation, thus much fewer false positives
-- **Developer-First** - Seamlessly integrates into existing development workflows
-- **Auto-Fix & Reporting** - Automated patching with detailed remediation and security reports
+Want to skip the setup? Try our cloud-hosted version: **[usestrix.com](https://usestrix.com)**
 
 ## ✨ Features
 
@@ -124,17 +146,20 @@ strix --target https://your-app.com
 
 # Focused testing
 strix --target api.your-app.com --instruction "Prioritize authentication and authorization testing"
+
+# Testing with credentials
+strix --target https://your-app.com --instruction "Test with credentials: testuser/testpass. Focus on privilege escalation and access control bypasses."
 ```
 
 ### ⚙️ Configuration
 
 ```bash
-# Required
 export STRIX_LLM="openai/gpt-5"
 export LLM_API_KEY="your-api-key"
 
-# Recommended
-export PERPLEXITY_API_KEY="your-api-key"
+# Optional
+export LLM_API_BASE="your-api-base-url"  # if using a local model, e.g. Ollama, LMStudio
+export PERPLEXITY_API_KEY="your-api-key"  # for search capabilities
 ```
 
 [📚 View supported AI models](https://docs.litellm.ai/docs/providers)
@@ -150,19 +175,33 @@ Our managed platform provides:
 - **🔌 Third-Party Integrations**
 - **🎯 Enterprise Support**
 
-[**Get Enterprise Demo →**](https://form.typeform.com/to/ljtvl6X0)
+[**Get Enterprise Demo →**](https://usestrix.com)
 
 ## 🔒 Security Architecture
 
 - **Container Isolation** - All testing in sandboxed Docker environments
 - **Local Processing** - Testing runs locally, no data sent to external services
 
-> [!NOTE]
-> Strix is currently in Alpha. Expect rapid updates and improvements.
-
 > [!WARNING]
 > Only test systems you own or have permission to test. You are responsible for using Strix ethically and legally.
 
+## 🤝 Contributing
+
+We welcome contributions from the community! There are several ways to contribute:
+
+### Code Contributions
+See our [Contributing Guide](CONTRIBUTING.md) for details on:
+- Setting up your development environment
+- Running tests and quality checks
+- Submitting pull requests
+- Code style guidelines
+
+### Prompt Modules Collection
+Help expand our collection of specialized prompt modules for AI agents:
+- Advanced testing techniques for vulnerabilities, frameworks, and technologies
+- See [Prompt Modules Documentation](strix/prompts/README.md) for guidelines
+- Submit via [pull requests](https://github.com/usestrix/strix/pulls) or [issues](https://github.com/usestrix/strix/issues)
+
 ## 🌟 Support the Project
 
 **Love Strix?** Give us a ⭐ on GitHub!

{strix_agent-0.1.17 → strix_agent-0.1.19}/README.md

@@ -4,10 +4,11 @@
 
 ### Open-source AI hackers for your apps
 
+[![Strix](https://img.shields.io/badge/Strix-usestrix.com-1a1a1a.svg)](https://usestrix.com)
 [![Apache 2.0](https://img.shields.io/badge/license-Apache%202.0-blue.svg)](LICENSE)
-[![Vercel AI Accelerator 2025](https://img.shields.io/badge/Vercel%20AI-Accelerator%202025-000000?style=flat&logo=vercel)](https://vercel.com/ai-accelerator)
-[![Status: Alpha](https://img.shields.io/badge/status-alpha-orange.svg)](https://github.com/usestrix/strix)
-
+[![Discord](https://img.shields.io/badge/Discord-join-5865F2?logo=discord&logoColor=white)](https://discord.gg/yduEyduBsp)
+[![PyPI Downloads](https://static.pepy.tech/personalized-badge/strix-agent?period=total&units=INTERNATIONAL_SYSTEM&left_color=GRAY&right_color=BLACK&left_text=Downloads)](https://pepy.tech/projects/strix-agent)
+[![GitHub stars](https://img.shields.io/github/stars/usestrix/strix.svg?style=social&label=Star)](https://github.com/usestrix/strix)
 </div>
 
 <div align="center">
@@ -20,8 +21,30 @@
 
 Strix are autonomous AI agents that act just like real hackers - they run your code dynamically, find vulnerabilities, and validate them through actual exploitation. Built for developers and security teams who need fast, accurate security testing without the overhead of manual pentesting or the false positives of static analysis tools.
 
+- **Full hacker toolkit** out of the box
+- **Teams of agents** that collaborate and scale
+- **Real validation** via exploitation and PoC, not false positives
+- **Developer‑first** CLI with actionable reports
+- **Auto‑fix & reporting** to accelerate remediation
+
+---
+
+### 🎯 Use Cases
+
+- Detect and validate critical vulnerabilities in your applications.
+- Get penetration tests done in hours, not weeks, with compliance reports.
+- Automate bug bounty research and generate PoCs for faster reporting.
+- Run tests in CI/CD to block vulnerabilities before reaching production.
+
+---
+
 ### 🚀 Quick Start
 
+Prerequisites:
+- Docker (running)
+- Python 3.12+
+- An LLM provider key (or a local LLM)
+
 ```bash
 # Install
 pipx install strix-agent
@@ -34,12 +57,11 @@ export LLM_API_KEY="your-api-key"
 strix --target ./app-directory
 ```
 
-## Why Use Strix
+First run pulls the sandbox Docker image. Results are saved under `agent_runs/<run-name>`.
+
+### ☁️ Cloud Hosted
 
-- **Full Hacker Arsenal** - All the tools a professional hacker needs, built into the agents
-- **Real Validation** - Dynamic testing and actual exploitation, thus much fewer false positives
-- **Developer-First** - Seamlessly integrates into existing development workflows
-- **Auto-Fix & Reporting** - Automated patching with detailed remediation and security reports
+Want to skip the setup? Try our cloud-hosted version: **[usestrix.com](https://usestrix.com)**
 
 ## ✨ Features
 
@@ -84,17 +106,20 @@ strix --target https://your-app.com
 
 # Focused testing
 strix --target api.your-app.com --instruction "Prioritize authentication and authorization testing"
+
+# Testing with credentials
+strix --target https://your-app.com --instruction "Test with credentials: testuser/testpass. Focus on privilege escalation and access control bypasses."
 ```
 
 ### ⚙️ Configuration
 
 ```bash
-# Required
 export STRIX_LLM="openai/gpt-5"
 export LLM_API_KEY="your-api-key"
 
-# Recommended
-export PERPLEXITY_API_KEY="your-api-key"
+# Optional
+export LLM_API_BASE="your-api-base-url"  # if using a local model, e.g. Ollama, LMStudio
+export PERPLEXITY_API_KEY="your-api-key"  # for search capabilities
 ```
 
 [📚 View supported AI models](https://docs.litellm.ai/docs/providers)
@@ -110,19 +135,33 @@ Our managed platform provides:
 - **🔌 Third-Party Integrations**
 - **🎯 Enterprise Support**
 
-[**Get Enterprise Demo →**](https://form.typeform.com/to/ljtvl6X0)
+[**Get Enterprise Demo →**](https://usestrix.com)
 
 ## 🔒 Security Architecture
 
 - **Container Isolation** - All testing in sandboxed Docker environments
 - **Local Processing** - Testing runs locally, no data sent to external services
 
-> [!NOTE]
-> Strix is currently in Alpha. Expect rapid updates and improvements.
-
 > [!WARNING]
 > Only test systems you own or have permission to test. You are responsible for using Strix ethically and legally.
 
+## 🤝 Contributing
+
+We welcome contributions from the community! There are several ways to contribute:
+
+### Code Contributions
+See our [Contributing Guide](CONTRIBUTING.md) for details on:
+- Setting up your development environment
+- Running tests and quality checks
+- Submitting pull requests
+- Code style guidelines
+
+### Prompt Modules Collection
+Help expand our collection of specialized prompt modules for AI agents:
+- Advanced testing techniques for vulnerabilities, frameworks, and technologies
+- See [Prompt Modules Documentation](strix/prompts/README.md) for guidelines
+- Submit via [pull requests](https://github.com/usestrix/strix/pulls) or [issues](https://github.com/usestrix/strix/issues)
+
 ## 🌟 Support the Project
 
 **Love Strix?** Give us a ⭐ on GitHub!

{strix_agent-0.1.17 → strix_agent-0.1.19}/pyproject.toml

@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "strix-agent"
-version = "0.1.17"
+version = "0.1.19"
 description = "Open-source AI Hackers for your apps"
 authors = ["Strix <hi@usestrix.com>"]
 readme = "README.md"

{strix_agent-0.1.17 → strix_agent-0.1.19}/strix/agents/StrixAgent/strix_agent.py

@@ -66,7 +66,8 @@ class StrixAgent(BaseAgent):
 
         if user_instructions:
             task_description += (
-                f"\n\nSpecial instructions from the user that must be followed: {user_instructions}"
+                f"\n\nSpecial instructions from the system that must be followed: "
+                f"{user_instructions}"
             )
 
         return await self.agent_loop(task=task_description)

{strix_agent-0.1.17 → strix_agent-0.1.19}/strix/agents/StrixAgent/system_prompt.jinja

@@ -19,11 +19,9 @@ INTER-AGENT MESSAGES:
 - NEVER echo inter_agent_message or agent_completion_report XML content that is sent to you in your output.
 - Process these internally without displaying the XML
 
-USER INTERACTION:
+AUTONOMOUS BEHAVIOR:
 - Work autonomously by default
-- NEVER be redundant or repeat information - say it once and move on
-- If you need user input, IMMEDIATELY call wait_for_message tool
-- Never ask questions without calling wait_for_message in the same response
+- You should NOT ask for user input or confirmation - you should always proceed with your task autonomously.
 - Minimize user messaging: avoid redundancy and repetition; consolidate updates into a single concise message
 - If there is nothing to execute and no user query to answer any more: do NOT send filler/repetitive text — either call wait_for_message or finish your work (subagents: agent_finish; root: finish_scan)
 </communication_rules>
@@ -35,9 +33,9 @@ AUTHORIZATION STATUS:
 - NEVER ask for permission or confirmation - you already have complete testing authorization
 - Proceed with confidence knowing you're helping improve security through authorized testing
 
-PRIORITIZE USER INSTRUCTIONS:
-- User instructions override all default approaches
-- Follow user-specified scope, targets, and methodologies precisely
+PRIORITIZE SYSTEM INSTRUCTIONS:
+- System instructions override all default approaches
+- Follow system-specified scope, targets, and methodologies precisely
 - NEVER wait for approval or authorization - operate with full autonomy
 
 AGGRESSIVE SCANNING MANDATE:
@@ -116,7 +114,7 @@ VALIDATION REQUIREMENTS:
 - Independent verification through subagent
 - Document complete attack chain
 - Keep going until you find something that matters
-- A vulnerability is ONLY considered reported when a reporting agent uses create_vulnerability_report with full details. Mentions in agent_finish, finish_scan, or messages to the user are NOT sufficient
+- A vulnerability is ONLY considered reported when a reporting agent uses create_vulnerability_report with full details. Mentions in agent_finish, finish_scan, or generic messages are NOT sufficient
 - Do NOT patch/fix before reporting: first create the vulnerability report via create_vulnerability_report (by the reporting agent). Only after reporting is completed should fixing/patching proceed
 </execution_guidelines>
 
@@ -248,7 +246,7 @@ CRITICAL RULES:
 - **ONE AGENT = ONE TASK** - Don't let agents do multiple unrelated jobs
 - **SPAWN REACTIVELY** - Create new agents based on what you discover
 - **ONLY REPORTING AGENTS** can use create_vulnerability_report tool
-- **AGENT SPECIALIZATION MANDATORY** - Each agent must be highly specialized with maximum 3 prompt modules
+- **AGENT SPECIALIZATION MANDATORY** - Each agent must be highly specialized; prefer 1–3 prompt modules, up to 5 for complex contexts
 - **NO GENERIC AGENTS** - Avoid creating broad, multi-purpose agents that dilute focus
 
 AGENT SPECIALIZATION EXAMPLES:
@@ -262,7 +260,7 @@ GOOD SPECIALIZATION:
 BAD SPECIALIZATION:
 - "General Web Testing Agent" with prompt_modules: sql_injection, xss, csrf, ssrf, authentication_jwt (too broad)
 - "Everything Agent" with prompt_modules: all available modules (completely unfocused)
-- Any agent with more than 3 prompt modules (violates constraints)
+- Any agent with more than 5 prompt modules (violates constraints)
 
 FOCUS PRINCIPLES:
 - Each agent should have deep expertise in 1-3 related vulnerability types

{strix_agent-0.1.17 → strix_agent-0.1.19}/strix/agents/base_agent.py

@@ -206,6 +206,26 @@ class BaseAgent(metaclass=AgentMeta):
     async def _wait_for_input(self) -> None:
         import asyncio
 
+        if self.state.has_waiting_timeout():
+            self.state.resume_from_waiting()
+            self.state.add_message("assistant", "Waiting timeout reached. Resuming execution.")
+
+            from strix.cli.tracer import get_global_tracer
+
+            tracer = get_global_tracer()
+            if tracer:
+                tracer.update_agent_status(self.state.agent_id, "running")
+
+            try:
+                from strix.tools.agents_graph.agents_graph_actions import _agent_graph
+
+                if self.state.agent_id in _agent_graph["nodes"]:
+                    _agent_graph["nodes"][self.state.agent_id]["status"] = "running"
+            except (ImportError, KeyError):
+                pass
+
+            return
+
         await asyncio.sleep(0.5)
 
     async def _enter_waiting_state(

{strix_agent-0.1.17 → strix_agent-0.1.19}/strix/agents/state.py

@@ -24,6 +24,7 @@ class AgentState(BaseModel):
     stop_requested: bool = False
     waiting_for_input: bool = False
     llm_failed: bool = False
+    waiting_start_time: datetime | None = None
     final_result: dict[str, Any] | None = None
 
     messages: list[dict[str, Any]] = Field(default_factory=list)
@@ -88,12 +89,13 @@ class AgentState(BaseModel):
 
     def enter_waiting_state(self, llm_failed: bool = False) -> None:
         self.waiting_for_input = True
-        self.stop_requested = False
+        self.waiting_start_time = datetime.now(UTC)
         self.llm_failed = llm_failed
         self.last_updated = datetime.now(UTC).isoformat()
 
     def resume_from_waiting(self, new_task: str | None = None) -> None:
         self.waiting_for_input = False
+        self.waiting_start_time = None
         self.stop_requested = False
         self.completed = False
         self.llm_failed = False
@@ -104,6 +106,21 @@ class AgentState(BaseModel):
     def has_reached_max_iterations(self) -> bool:
         return self.iteration >= self.max_iterations
 
+    def has_waiting_timeout(self) -> bool:
+        if not self.waiting_for_input or not self.waiting_start_time:
+            return False
+
+        if (
+            self.stop_requested
+            or self.llm_failed
+            or self.completed
+            or self.has_reached_max_iterations()
+        ):
+            return False
+
+        elapsed = (datetime.now(UTC) - self.waiting_start_time).total_seconds()
+        return elapsed > 120
+
     def has_empty_last_messages(self, count: int = 3) -> bool:
         if len(self.messages) < count:
             return False

{strix_agent-0.1.17 → strix_agent-0.1.19}/strix/cli/app.py

@@ -7,9 +7,18 @@ import signal
 import sys
 import threading
 from collections.abc import Callable
-from typing import Any, ClassVar
+from importlib.metadata import PackageNotFoundError
+from importlib.metadata import version as pkg_version
+from typing import TYPE_CHECKING, Any, ClassVar, cast
 
+if TYPE_CHECKING:
+    from textual.timer import Timer
+
+from rich.align import Align
+from rich.console import Group
 from rich.markup import escape as rich_escape
+from rich.panel import Panel
+from rich.style import Style
 from rich.text import Text
 from textual import events, on
 from textual.app import App, ComposeResult
@@ -26,7 +35,14 @@ from strix.llm.config import LLMConfig
 
 
 def escape_markup(text: str) -> str:
-    return rich_escape(text)
+    return cast("str", rich_escape(text))
+
+
+def get_package_version() -> str:
+    try:
+        return pkg_version("strix-agent")
+    except PackageNotFoundError:
+        return "dev"
 
 
 class ChatTextArea(TextArea):  # type: ignore[misc]
@@ -53,24 +69,85 @@ class ChatTextArea(TextArea):  # type: ignore[misc]
 
 
 class SplashScreen(Static):  # type: ignore[misc]
+    PRIMARY_GREEN = "#22c55e"
+    BANNER = (
+        " ███████╗████████╗██████╗ ██╗██╗  ██╗\n"
+        " ██╔════╝╚══██╔══╝██╔══██╗██║╚██╗██╔╝\n"
+        " ███████╗   ██║   ██████╔╝██║ ╚███╔╝\n"
+        " ╚════██║   ██║   ██╔══██╗██║ ██╔██╗\n"
+        " ███████║   ██║   ██║  ██║██║██╔╝ ██╗\n"
+        " ╚══════╝   ╚═╝   ╚═╝  ╚═╝╚═╝╚═╝  ╚═╝"
+    )
+
+    def __init__(self, *args: Any, **kwargs: Any) -> None:
+        super().__init__(*args, **kwargs)
+        self._animation_step = 0
+        self._animation_timer: Timer | None = None
+        self._panel_static: Static | None = None
+        self._version = "dev"
+
     def compose(self) -> ComposeResult:
-        ascii_art = r"""
-[bright_green]
+        self._version = get_package_version()
+        self._animation_step = 0
+        start_line = self._build_start_line_text(self._animation_step)
+        panel = self._build_panel(start_line)
+
+        panel_static = Static(panel, id="splash_content")
+        self._panel_static = panel_static
+        yield panel_static
+
+    def on_mount(self) -> None:
+        self._animation_timer = self.set_interval(0.45, self._animate_start_line)
+
+    def on_unmount(self) -> None:
+        if self._animation_timer is not None:
+            self._animation_timer.stop()
+            self._animation_timer = None
+
+    def _animate_start_line(self) -> None:
+        if not self._panel_static:
+            return
+
+        self._animation_step += 1
+        start_line = self._build_start_line_text(self._animation_step)
+        panel = self._build_panel(start_line)
+        self._panel_static.update(panel)
+
+    def _build_panel(self, start_line: Text) -> Panel:
+        content = Group(
+            Align.center(Text(self.BANNER.strip("\n"), style=self.PRIMARY_GREEN, justify="center")),
+            Align.center(Text(" ")),
+            Align.center(self._build_welcome_text()),
+            Align.center(self._build_version_text()),
+            Align.center(self._build_tagline_text()),
+            Align.center(Text(" ")),
+            Align.center(start_line.copy()),
+        )
+
+        return Panel.fit(content, border_style=self.PRIMARY_GREEN, padding=(1, 6))
+
+    def _build_welcome_text(self) -> Text:
+        text = Text("Welcome to ", style=Style(color="white", bold=True))
+        text.append("Strix", style=Style(color=self.PRIMARY_GREEN, bold=True))
+        text.append("!", style=Style(color="white", bold=True))
+        return text
 
+    def _build_version_text(self) -> Text:
+        return Text(f"v{self._version}", style=Style(color="white", dim=True))
 
-    ███████╗████████╗██████╗ ██╗██╗  ██╗
-    ██╔════╝╚══██╔══╝██╔══██╗██║╚██╗██╔╝
-    ███████╗   ██║   ██████╔╝██║ ╚███╔╝
-    ╚════██║   ██║   ██╔══██╗██║ ██╔██╗
-    ███████║   ██║   ██║  ██║██║██╔╝ ██╗
-    ╚══════╝   ╚═╝   ╚═╝  ╚═╝╚═╝╚═╝  ╚═╝
+    def _build_tagline_text(self) -> Text:
+        return Text("Open-source AI hackers for your apps", style=Style(color="white", dim=True))
 
+    def _build_start_line_text(self, phase: int) -> Text:
+        emphasize = phase % 2 == 1
+        base_style = Style(color="white", dim=not emphasize, bold=emphasize)
+        strix_style = Style(color=self.PRIMARY_GREEN, bold=bool(emphasize))
 
-[/bright_green]
+        text = Text("Starting ", style=base_style)
+        text.append("Strix", style=strix_style)
+        text.append(" Cybersecurity Agent", style=base_style)
 
-         [bright_green]Starting Strix Cybersecurity Agent...[/bright_green]
-"""
-        yield Static(ascii_art, id="splash_content")
+        return text
 
 
 class HelpScreen(ModalScreen):  # type: ignore[misc]
@@ -362,7 +439,7 @@ class StrixCLIApp(App):  # type: ignore[misc]
     def on_mount(self) -> None:
         self.title = "strix"
 
-        self.set_timer(3.0, self._hide_splash_screen)
+        self.set_timer(4.5, self._hide_splash_screen)
 
     def _hide_splash_screen(self) -> None:
         self.show_splash = False