strix-agent 0.1.18__py3-none-any.whl → 0.1.19__py3-none-any.whl

strix/agents/StrixAgent/strix_agent.py

@@ -66,7 +66,8 @@ class StrixAgent(BaseAgent):
 
         if user_instructions:
             task_description += (
-                f"\n\nSpecial instructions from the user that must be followed: {user_instructions}"
+                f"\n\nSpecial instructions from the system that must be followed: "
+                f"{user_instructions}"
             )
 
         return await self.agent_loop(task=task_description)

strix/agents/StrixAgent/system_prompt.jinja

@@ -19,11 +19,9 @@ INTER-AGENT MESSAGES:
 - NEVER echo inter_agent_message or agent_completion_report XML content that is sent to you in your output.
 - Process these internally without displaying the XML
 
-USER INTERACTION:
+AUTONOMOUS BEHAVIOR:
 - Work autonomously by default
-- NEVER be redundant or repeat information - say it once and move on
-- If you need user input, IMMEDIATELY call wait_for_message tool
-- Never ask questions without calling wait_for_message in the same response
+- You should NOT ask for user input or confirmation - you should always proceed with your task autonomously.
 - Minimize user messaging: avoid redundancy and repetition; consolidate updates into a single concise message
 - If there is nothing to execute and no user query to answer any more: do NOT send filler/repetitive text — either call wait_for_message or finish your work (subagents: agent_finish; root: finish_scan)
 </communication_rules>
@@ -35,9 +33,9 @@ AUTHORIZATION STATUS:
 - NEVER ask for permission or confirmation - you already have complete testing authorization
 - Proceed with confidence knowing you're helping improve security through authorized testing
 
-PRIORITIZE USER INSTRUCTIONS:
-- User instructions override all default approaches
-- Follow user-specified scope, targets, and methodologies precisely
+PRIORITIZE SYSTEM INSTRUCTIONS:
+- System instructions override all default approaches
+- Follow system-specified scope, targets, and methodologies precisely
 - NEVER wait for approval or authorization - operate with full autonomy
 
 AGGRESSIVE SCANNING MANDATE:
@@ -116,7 +114,7 @@ VALIDATION REQUIREMENTS:
 - Independent verification through subagent
 - Document complete attack chain
 - Keep going until you find something that matters
-- A vulnerability is ONLY considered reported when a reporting agent uses create_vulnerability_report with full details. Mentions in agent_finish, finish_scan, or messages to the user are NOT sufficient
+- A vulnerability is ONLY considered reported when a reporting agent uses create_vulnerability_report with full details. Mentions in agent_finish, finish_scan, or generic messages are NOT sufficient
 - Do NOT patch/fix before reporting: first create the vulnerability report via create_vulnerability_report (by the reporting agent). Only after reporting is completed should fixing/patching proceed
 </execution_guidelines>
 
@@ -248,7 +246,7 @@ CRITICAL RULES:
 - **ONE AGENT = ONE TASK** - Don't let agents do multiple unrelated jobs
 - **SPAWN REACTIVELY** - Create new agents based on what you discover
 - **ONLY REPORTING AGENTS** can use create_vulnerability_report tool
-- **AGENT SPECIALIZATION MANDATORY** - Each agent must be highly specialized with maximum 3 prompt modules
+- **AGENT SPECIALIZATION MANDATORY** - Each agent must be highly specialized; prefer 1–3 prompt modules, up to 5 for complex contexts
 - **NO GENERIC AGENTS** - Avoid creating broad, multi-purpose agents that dilute focus
 
 AGENT SPECIALIZATION EXAMPLES:
@@ -262,7 +260,7 @@ GOOD SPECIALIZATION:
 BAD SPECIALIZATION:
 - "General Web Testing Agent" with prompt_modules: sql_injection, xss, csrf, ssrf, authentication_jwt (too broad)
 - "Everything Agent" with prompt_modules: all available modules (completely unfocused)
-- Any agent with more than 3 prompt modules (violates constraints)
+- Any agent with more than 5 prompt modules (violates constraints)
 
 FOCUS PRINCIPLES:
 - Each agent should have deep expertise in 1-3 related vulnerability types

strix/agents/base_agent.py

@@ -206,6 +206,26 @@ class BaseAgent(metaclass=AgentMeta):
     async def _wait_for_input(self) -> None:
         import asyncio
 
+        if self.state.has_waiting_timeout():
+            self.state.resume_from_waiting()
+            self.state.add_message("assistant", "Waiting timeout reached. Resuming execution.")
+
+            from strix.cli.tracer import get_global_tracer
+
+            tracer = get_global_tracer()
+            if tracer:
+                tracer.update_agent_status(self.state.agent_id, "running")
+
+            try:
+                from strix.tools.agents_graph.agents_graph_actions import _agent_graph
+
+                if self.state.agent_id in _agent_graph["nodes"]:
+                    _agent_graph["nodes"][self.state.agent_id]["status"] = "running"
+            except (ImportError, KeyError):
+                pass
+
+            return
+
         await asyncio.sleep(0.5)
 
     async def _enter_waiting_state(

strix/agents/state.py

@@ -24,6 +24,7 @@ class AgentState(BaseModel):
     stop_requested: bool = False
     waiting_for_input: bool = False
     llm_failed: bool = False
+    waiting_start_time: datetime | None = None
     final_result: dict[str, Any] | None = None
 
     messages: list[dict[str, Any]] = Field(default_factory=list)
@@ -88,12 +89,13 @@ class AgentState(BaseModel):
 
     def enter_waiting_state(self, llm_failed: bool = False) -> None:
         self.waiting_for_input = True
-        self.stop_requested = False
+        self.waiting_start_time = datetime.now(UTC)
         self.llm_failed = llm_failed
         self.last_updated = datetime.now(UTC).isoformat()
 
     def resume_from_waiting(self, new_task: str | None = None) -> None:
         self.waiting_for_input = False
+        self.waiting_start_time = None
         self.stop_requested = False
         self.completed = False
         self.llm_failed = False
@@ -104,6 +106,21 @@ class AgentState(BaseModel):
     def has_reached_max_iterations(self) -> bool:
         return self.iteration >= self.max_iterations
 
+    def has_waiting_timeout(self) -> bool:
+        if not self.waiting_for_input or not self.waiting_start_time:
+            return False
+
+        if (
+            self.stop_requested
+            or self.llm_failed
+            or self.completed
+            or self.has_reached_max_iterations()
+        ):
+            return False
+
+        elapsed = (datetime.now(UTC) - self.waiting_start_time).total_seconds()
+        return elapsed > 120
+
     def has_empty_last_messages(self, count: int = 3) -> bool:
         if len(self.messages) < count:
             return False

strix/cli/app.py

@@ -7,9 +7,18 @@ import signal
 import sys
 import threading
 from collections.abc import Callable
-from typing import Any, ClassVar
+from importlib.metadata import PackageNotFoundError
+from importlib.metadata import version as pkg_version
+from typing import TYPE_CHECKING, Any, ClassVar, cast
 
+if TYPE_CHECKING:
+    from textual.timer import Timer
+
+from rich.align import Align
+from rich.console import Group
 from rich.markup import escape as rich_escape
+from rich.panel import Panel
+from rich.style import Style
 from rich.text import Text
 from textual import events, on
 from textual.app import App, ComposeResult
@@ -26,7 +35,14 @@ from strix.llm.config import LLMConfig
 
 
 def escape_markup(text: str) -> str:
-    return rich_escape(text)
+    return cast("str", rich_escape(text))
+
+
+def get_package_version() -> str:
+    try:
+        return pkg_version("strix-agent")
+    except PackageNotFoundError:
+        return "dev"
 
 
 class ChatTextArea(TextArea):  # type: ignore[misc]
@@ -53,24 +69,85 @@ class ChatTextArea(TextArea):  # type: ignore[misc]
 
 
 class SplashScreen(Static):  # type: ignore[misc]
+    PRIMARY_GREEN = "#22c55e"
+    BANNER = (
+        " ███████╗████████╗██████╗ ██╗██╗  ██╗\n"
+        " ██╔════╝╚══██╔══╝██╔══██╗██║╚██╗██╔╝\n"
+        " ███████╗   ██║   ██████╔╝██║ ╚███╔╝\n"
+        " ╚════██║   ██║   ██╔══██╗██║ ██╔██╗\n"
+        " ███████║   ██║   ██║  ██║██║██╔╝ ██╗\n"
+        " ╚══════╝   ╚═╝   ╚═╝  ╚═╝╚═╝╚═╝  ╚═╝"
+    )
+
+    def __init__(self, *args: Any, **kwargs: Any) -> None:
+        super().__init__(*args, **kwargs)
+        self._animation_step = 0
+        self._animation_timer: Timer | None = None
+        self._panel_static: Static | None = None
+        self._version = "dev"
+
     def compose(self) -> ComposeResult:
-        ascii_art = r"""
-[bright_green]
+        self._version = get_package_version()
+        self._animation_step = 0
+        start_line = self._build_start_line_text(self._animation_step)
+        panel = self._build_panel(start_line)
+
+        panel_static = Static(panel, id="splash_content")
+        self._panel_static = panel_static
+        yield panel_static
+
+    def on_mount(self) -> None:
+        self._animation_timer = self.set_interval(0.45, self._animate_start_line)
+
+    def on_unmount(self) -> None:
+        if self._animation_timer is not None:
+            self._animation_timer.stop()
+            self._animation_timer = None
+
+    def _animate_start_line(self) -> None:
+        if not self._panel_static:
+            return
+
+        self._animation_step += 1
+        start_line = self._build_start_line_text(self._animation_step)
+        panel = self._build_panel(start_line)
+        self._panel_static.update(panel)
+
+    def _build_panel(self, start_line: Text) -> Panel:
+        content = Group(
+            Align.center(Text(self.BANNER.strip("\n"), style=self.PRIMARY_GREEN, justify="center")),
+            Align.center(Text(" ")),
+            Align.center(self._build_welcome_text()),
+            Align.center(self._build_version_text()),
+            Align.center(self._build_tagline_text()),
+            Align.center(Text(" ")),
+            Align.center(start_line.copy()),
+        )
+
+        return Panel.fit(content, border_style=self.PRIMARY_GREEN, padding=(1, 6))
+
+    def _build_welcome_text(self) -> Text:
+        text = Text("Welcome to ", style=Style(color="white", bold=True))
+        text.append("Strix", style=Style(color=self.PRIMARY_GREEN, bold=True))
+        text.append("!", style=Style(color="white", bold=True))
+        return text
 
+    def _build_version_text(self) -> Text:
+        return Text(f"v{self._version}", style=Style(color="white", dim=True))
 
-    ███████╗████████╗██████╗ ██╗██╗  ██╗
-    ██╔════╝╚══██╔══╝██╔══██╗██║╚██╗██╔╝
-    ███████╗   ██║   ██████╔╝██║ ╚███╔╝
-    ╚════██║   ██║   ██╔══██╗██║ ██╔██╗
-    ███████║   ██║   ██║  ██║██║██╔╝ ██╗
-    ╚══════╝   ╚═╝   ╚═╝  ╚═╝╚═╝╚═╝  ╚═╝
+    def _build_tagline_text(self) -> Text:
+        return Text("Open-source AI hackers for your apps", style=Style(color="white", dim=True))
 
+    def _build_start_line_text(self, phase: int) -> Text:
+        emphasize = phase % 2 == 1
+        base_style = Style(color="white", dim=not emphasize, bold=emphasize)
+        strix_style = Style(color=self.PRIMARY_GREEN, bold=bool(emphasize))
 
-[/bright_green]
+        text = Text("Starting ", style=base_style)
+        text.append("Strix", style=strix_style)
+        text.append(" Cybersecurity Agent", style=base_style)
 
-         [bright_green]Starting Strix Cybersecurity Agent...[/bright_green]
-"""
-        yield Static(ascii_art, id="splash_content")
+        return text
 
 
 class HelpScreen(ModalScreen):  # type: ignore[misc]
@@ -362,7 +439,7 @@ class StrixCLIApp(App):  # type: ignore[misc]
     def on_mount(self) -> None:
         self.title = "strix"
 
-        self.set_timer(3.0, self._hide_splash_screen)
+        self.set_timer(4.5, self._hide_splash_screen)
 
     def _hide_splash_screen(self) -> None:
         self.show_splash = False

strix/cli/main.py

@@ -40,7 +40,7 @@ def format_token_count(count: float) -> str:
     return str(count)
 
 
-def validate_environment() -> None:
+def validate_environment() -> None:  # noqa: PLR0912, PLR0915
     console = Console()
     missing_required_vars = []
     missing_optional_vars = []
@@ -139,7 +139,8 @@ def validate_environment() -> None:
                     )
                 elif var == "LLM_API_BASE":
                     error_text.append(
-                        "export LLM_API_BASE='http://localhost:11434'  # needed for local models only\n",
+                        "export LLM_API_BASE='http://localhost:11434'  "
+                        "# needed for local models only\n",
                         style="dim white",
                     )
                 elif var == "PERPLEXITY_API_KEY":

strix/cli/tool_components/base_renderer.py

@@ -1,5 +1,5 @@
 from abc import ABC, abstractmethod
-from typing import Any, ClassVar
+from typing import Any, ClassVar, cast
 
 from rich.markup import escape as rich_escape
 from textual.widgets import Static
@@ -17,7 +17,7 @@ class BaseToolRenderer(ABC):
 
     @classmethod
     def escape_markup(cls, text: str) -> str:
-        return rich_escape(text)
+        return cast("str", rich_escape(text))
 
     @classmethod
     def format_args(cls, args: dict[str, Any], max_length: int = 500) -> str:

strix/cli/tool_components/reporting_renderer.py

@@ -27,7 +27,8 @@ class CreateVulnerabilityReportRenderer(BaseToolRenderer):
             if severity:
                 severity_color = cls._get_severity_color(severity.lower())
                 content_parts.append(
-                    f"  [dim]Severity: [{severity_color}]{cls.escape_markup(severity.upper())}[/{severity_color}][/]"
+                    f"  [dim]Severity: [{severity_color}]"
+                    f"{cls.escape_markup(severity.upper())}[/{severity_color}][/]"
                 )
 
             if content:

strix/prompts/README.md

@@ -0,0 +1,64 @@
+# 📚 Strix Prompt Modules
+
+## 🎯 Overview
+
+Prompt modules are specialized knowledge packages that enhance Strix agents with deep expertise in specific vulnerability types, technologies, and testing methodologies. Each module provides advanced techniques, practical examples, and validation methods that go beyond baseline security knowledge.
+
+---
+
+## 🏗️ Architecture
+
+### How Prompts Work
+
+When an agent is created, it can load up to 5 specialized prompt modules relevant to the specific subtask and context at hand:
+
+```python
+# Agent creation with specialized modules
+create_agent(
+    task="Test authentication mechanisms in API",
+    name="Auth Specialist",
+    prompt_modules="authentication_jwt,business_logic"
+)
+```
+
+The modules are dynamically injected into the agent's system prompt, allowing it to operate with deep expertise tailored to the specific vulnerability types or technologies required for the task at hand.
+
+---
+
+## 📁 Module Categories
+
+| Category | Purpose |
+|----------|---------|
+| **`/vulnerabilities`** | Advanced testing techniques for core vulnerability classes like authentication bypasses, business logic flaws, and race conditions |
+| **`/frameworks`** | Specific testing methods for popular frameworks e.g. Django, Express, FastAPI, and Next.js |
+| **`/technologies`** | Specialized techniques for third-party services such as Supabase, Firebase, Auth0, and payment gateways |
+| **`/protocols`** | Protocol-specific testing patterns for GraphQL, WebSocket, OAuth, and other communication standards |
+| **`/cloud`** | Cloud provider security testing for AWS, Azure, GCP, and Kubernetes environments |
+| **`/reconnaissance`** | Advanced information gathering and enumeration techniques for comprehensive attack surface mapping |
+| **`/custom`** | Community-contributed modules for specialized or industry-specific testing scenarios |
+
+---
+
+## 🎨 Creating New Modules
+
+### What Should a Module Contain?
+
+A good prompt module is a structured knowledge package that typically includes:
+
+- **Advanced techniques** - Non-obvious methods specific to the task and domain
+- **Practical examples** - Working payloads, commands, or test cases with variations
+- **Validation methods** - How to confirm findings and avoid false positives
+- **Context-specific insights** - Environment and version nuances, configuration-dependent behavior, and edge cases
+
+Modules use XML-style tags for structure and focus on deep, specialized knowledge that significantly enhances agent capabilities for that specific context.
+
+---
+
+## 🤝 Contributing
+
+Community contributions are more than welcome — contribute new modules via [pull requests](https://github.com/usestrix/strix/pulls) or [GitHub issues](https://github.com/usestrix/strix/issues) to help expand the collection and improve extensibility for Strix agents.
+
+---
+
+> [!NOTE]
+> **Work in Progress** - We're actively expanding the prompt module collection with specialized techniques and new categories.

strix/prompts/__init__.py

@@ -58,7 +58,7 @@ def generate_modules_description() -> str:
     modules_str = ", ".join(sorted_modules)
 
     description = (
-        f"List of prompt modules to load for this agent (max 3). Available modules: {modules_str}. "
+        f"List of prompt modules to load for this agent (max 5). Available modules: {modules_str}. "
     )
 
     example_modules = sorted_modules[:2]

strix/prompts/frameworks/fastapi.jinja

@@ -0,0 +1,142 @@
+<fastapi_security_testing_guide>
+<title>FASTAPI — ADVERSARIAL TESTING PLAYBOOK</title>
+
+<critical>FastAPI (on Starlette) spans HTTP, WebSocket, and background tasks with powerful dependency injection and automatic OpenAPI. Security breaks where identity, authorization, and validation drift across routers, middlewares, proxies, and channels. Treat every dependency, header, and object reference as untrusted until bound to the caller and tenant.</critical>
+
+<surface_map>
+- ASGI stack: Starlette middlewares (CORS, TrustedHost, ProxyHeaders, Session), exception handlers, lifespan events
+- Routers/sub-apps: APIRouter with prefixes/tags, mounted apps (StaticFiles, admin subapps), `include_router`, versioned paths
+- Security and DI: `Depends`, `Security`, `OAuth2PasswordBearer`, `HTTPBearer`, scopes, per-router vs per-route dependencies
+- Models and validation: Pydantic v1/v2 models, unions/Annotated, custom validators, extra fields policy, coercion
+- Docs and schema: `/openapi.json`, `/docs`, `/redoc`, alternative docs_url/redoc_url, schema extensions
+- Files and static: `UploadFile`, `File`, `FileResponse`, `StaticFiles` mounts, template engines (`Jinja2Templates`)
+- Channels: HTTP (sync/async), WebSocket, StreamingResponse/SSE, BackgroundTasks/Task queues
+- Deployment: Uvicorn/Gunicorn, reverse proxies/CDN, TLS termination, header trust
+</surface_map>
+
+<methodology>
+1. Enumerate routes from OpenAPI and via crawling; diff with 404-fuzzing for hidden endpoints (`include_in_schema=False`).
+2. Build a Principal × Channel × Content-Type matrix (unauth, user, staff/admin; HTTP vs WebSocket; JSON/form/multipart) and capture baselines.
+3. For each route, identify dependencies (router-level and route-level). Attempt to satisfy security dependencies minimally, then mutate context (tokens, scopes, tenant headers) and object IDs.
+4. Compare behavior across deployments: dev/stage/prod often differ in middlewares (CORS, TrustedHost, ProxyHeaders) and docs exposure.
+</methodology>
+
+<high_value_targets>
+- `/openapi.json`, `/docs`, `/redoc` in production (full attack surface map; securitySchemes and server URLs)
+- Auth flows: token endpoints, session/cookie bridges, OAuth device/PKCE, scope checks
+- Admin/staff routers, feature-flagged routes, `include_in_schema=False` endpoints
+- File upload/download, import/export/report endpoints, signed URL generators
+- WebSocket endpoints carrying notifications, admin channels, or commands
+- Background job creation/fetch (`/jobs/{id}`, `/tasks/{id}/result`)
+- Mounted subapps (admin UI, storage browsers, metrics/health endpoints)
+</high_value_targets>
+
+<advanced_techniques>
+<openapi_and_docs>
+- Try default and alternate locations: `/openapi.json`, `/docs`, `/redoc`, `/api/openapi.json`, `/internal/openapi.json`.
+- If OpenAPI is exposed, mine: paths, parameter names, securitySchemes, scopes, servers; find endpoints hidden in UI but present in schema.
+- Schema drift: endpoints with `include_in_schema=False` won’t appear—use wordlists based on tags/prefixes and common admin/debug names.
+</openapi_and_docs>
+
+<dependency_injection_and_security>
+- Router vs route dependencies: routes may miss security dependencies present elsewhere; check for unprotected variants of protected actions.
+- Minimal satisfaction: `OAuth2PasswordBearer` only yields a token string—verify if any route treats token presence as auth without verification.
+- Scope checks: ensure scopes are enforced by the dependency (e.g., `Security(...)`); routes using `Depends` instead may ignore requested scopes.
+- Header/param aliasing: DI sources headers/cookies/query by name; try case variations and duplicates to influence which value binds.
+</dependency_injection_and_security>
+
+<auth_and_jwt>
+- Token misuse: developers may decode JWTs without verifying signature/issuer/audience; attempt unsigned/attacker-signed tokens and cross-service audiences.
+- Algorithm/key confusion: try HS/RS cross-use if verification is not pinned; inject `kid` header targeting local files/paths where custom key lookup exists.
+- Session bridges: check cookies set via SessionMiddleware or custom cookies. Attempt session fixation and forging if weak `secret_key` or predictable signing is used.
+- Device/PKCE flows: verify strict PKCE S256 and state/nonce enforcement if OAuth/OIDC is integrated.
+</auth_and_jwt>
+
+<cors_and_csrf>
+- CORS reflection: broad `allow_origin_regex` or mis-specified origins can permit cross-site reads; test arbitrary Origins and credentialed requests.
+- CSRF: FastAPI/Starlette lack built-in CSRF. If cookies carry auth, attempt state-changing requests via cross-site forms/XHR; validate origin header checks and same-site settings.
+</cors_and_csrf>
+
+<proxy_and_host_trust>
+- ProxyHeadersMiddleware: if enabled without network boundary, spoof `X-Forwarded-For/Proto` to influence auth/IP gating and secure redirects.
+- TrustedHostMiddleware absent or lax: perform Host header poisoning; attempt password reset links / absolute URL generation under attacker host.
+- Upstream/CDN cache keys: ensure Vary on Authorization/Cookie/Tenant; try cache key confusion to leak personalized responses.
+</proxy_and_host_trust>
+
+<static_and_uploads>
+- UploadFile.filename: attempt path traversal and control characters; verify server joins/sanitizes and enforces storage roots.
+- FileResponse/StaticFiles: confirm directory boundaries and index/auto-listing; probe symlinks and case/encoding variants.
+- Parser differentials: send JSON vs multipart for the same route to hit divergent code paths/validators.
+</static_and_uploads>
+
+<template_injection>
+- Jinja2 templates via `TemplateResponse`: search for unescaped injection in variables and filters. Probe with minimal expressions:
+{% raw %}- `{{7*7}}` → arithmetic confirmation
+- `{{cycler.__init__.__globals__['os'].popen('id').read()}}` for RCE in unsafe contexts{% endraw %}
+- Confirm autoescape and strict sandboxing; inspect custom filters/globals.
+</template_injection>
+
+<ssrf_and_outbound>
+- Endpoints fetching user-supplied URLs (imports, previews, webhooks validation): test loopback/RFC1918/IPv6, redirects, DNS rebinding, and header control.
+- Library behavior (httpx/requests): examine redirect policy, header forwarding, and protocol support; try `file://`, `ftp://`, or gopher-like shims if custom clients are used.
+</ssrf_and_outbound>
+
+<websockets>
+- Authenticate each connection (query/header/cookie). Attempt cross-origin handshakes and cookie-bearing WS from untrusted origins.
+- Topic naming and authorization: if using user/tenant IDs in channels, subscribe/publish to foreign IDs.
+- Message-level checks: ensure per-message authorization, not only at handshake.
+</websockets>
+
+<background_tasks_and_jobs>
+- BackgroundTasks that act on IDs must re-enforce ownership/tenant at execution time. Attempt to fetch/cancel others’ jobs by referencing their IDs.
+- Export/import pipelines: test job/result endpoints for IDOR and cross-tenant leaks.
+</background_tasks_and_jobs>
+
+<multi_app_mounting>
+- Mounted subapps (e.g., `/admin`, `/static`, `/metrics`) may bypass global middlewares. Confirm middleware parity and auth on mounts.
+</multi_app_mounting>
+</advanced_techniques>
+
+<bypass_techniques>
+- Content-type switching: `application/json` ↔ `application/x-www-form-urlencoded` ↔ `multipart/form-data` to traverse alternate validators/handlers.
+- Parameter duplication and case variants to exploit DI precedence.
+- Method confusion via proxies (e.g., `X-HTTP-Method-Override`) if upstream respects it while app does not.
+- Race windows around dependency-validated state transitions (issue token then mutate with parallel requests).
+</bypass_techniques>
+
+<special_contexts>
+<pydantic_edges>
+- Coercion: strings to ints/bools, empty strings to None; exploit truthiness and boundary conditions.
+- Extra fields: if models allow/ignore extras, sneak in control fields for downstream logic (scope/role/ownerId) that are later trusted.
+- Unions and `Annotated`: craft shapes hitting unintended branches.
+</pydantic_edges>
+
+<graphql_and_alt_stacks>
+- If GraphQL (Strawberry/Graphene) is mounted, validate resolver-level authorization and IDOR on node/global IDs.
+- If SQLModel/SQLAlchemy present, probe for raw query usage and row-level authorization gaps.
+</graphql_and_alt_stacks>
+</special_contexts>
+
+<validation>
+1. Show unauthorized data access or action with side-by-side owner vs non-owner requests (or different tenants).
+2. Demonstrate cross-channel consistency (HTTP and WebSocket) for the same rule.
+3. Include proof where proxies/headers/caches alter outcomes (Host/XFF/CORS).
+4. Provide minimal payloads confirming template/SSRF execution or token misuse, with safe or OAST-based oracles.
+5. Document exact dependency paths (router-level, route-level) that missed enforcement.
+</validation>
+
+<pro_tips>
+1. Always fetch `/openapi.json` first; it’s the blueprint. If hidden, brute-force likely admin/report/export routes.
+2. Trace dependencies per route; map which ones enforce auth/scopes vs merely parse input.
+3. Treat tokens returned by `OAuth2PasswordBearer` as untrusted strings—verify actual signature and claims on the server.
+4. Test CORS with arbitrary Origins and with credentials; verify preflight and actual request deltas.
+5. Add Host and X-Forwarded-* fuzzing when behind proxies; watch for redirect/absolute URL differences.
+6. For uploads, vary filename encodings, dot segments, and NUL-like bytes; verify storage paths and served URLs.
+7. Use content-type toggling to hit alternate validators and code paths.
+8. For WebSockets, test cookie-based auth, origin restrictions, and per-message authorization.
+9. Mine client bundles/env for secret paths and preview/admin flags; many teams hide routes via UI only.
+10. Keep PoCs minimal and durable (IDs, headers, small payloads) and prefer reproducible diffs over noisy payloads.
+</pro_tips>
+
+<remember>Authorization and validation must be enforced in the dependency graph and at the resource boundary for every path and channel. If any route, middleware, or mount skips binding subject, action, and object/tenant, expect cross-user and cross-tenant breakage.</remember>
+</fastapi_security_testing_guide>