strix-agent 0.1.19__tar.gz → 0.3.1__tar.gz

{strix_agent-0.1.19 → strix_agent-0.3.1}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.3
 Name: strix-agent
-Version: 0.1.19
+Version: 0.3.1
 Summary: Open-source AI Hackers for your apps
 License: Apache-2.0
 Keywords: cybersecurity,security,vulnerability,scanner,pentest,agent,ai,cli
@@ -46,7 +46,7 @@ Description-Content-Type: text/markdown
 
 [![Strix](https://img.shields.io/badge/Strix-usestrix.com-1a1a1a.svg)](https://usestrix.com)
 [![Apache 2.0](https://img.shields.io/badge/license-Apache%202.0-blue.svg)](LICENSE)
-[![Discord](https://img.shields.io/badge/Discord-join-5865F2?logo=discord&logoColor=white)](https://discord.gg/yduEyduBsp)
+[![Discord](https://img.shields.io/badge/Discord-join-5865F2?logo=discord&logoColor=white)](https://discord.gg/J48Fzuh7)
 [![PyPI Downloads](https://static.pepy.tech/personalized-badge/strix-agent?period=total&units=INTERNATIONAL_SYSTEM&left_color=GRAY&right_color=BLACK&left_text=Downloads)](https://pepy.tech/projects/strix-agent)
 [![GitHub stars](https://img.shields.io/github/stars/usestrix/strix.svg?style=social&label=Star)](https://github.com/usestrix/strix)
 </div>
@@ -144,7 +144,13 @@ strix --target https://github.com/org/repo
 # Web application assessment
 strix --target https://your-app.com
 
-# Focused testing
+# Multi-target white-box testing (source code + deployed app)
+strix -t https://github.com/org/app -t https://your-app.com
+
+# Test multiple environments simultaneously
+strix -t https://dev.your-app.com -t https://staging.your-app.com -t https://prod.your-app.com
+
+# Focused testing with instructions
 strix --target api.your-app.com --instruction "Prioritize authentication and authorization testing"
 
 # Testing with credentials
@@ -164,6 +170,41 @@ export PERPLEXITY_API_KEY="your-api-key"  # for search capabilities
 
 [📚 View supported AI models](https://docs.litellm.ai/docs/providers)
 
+### 🤖 Headless Mode
+
+Run Strix programmatically without interactive UI using the `-n/--non-interactive` flag—perfect for servers and automated jobs. The CLI prints real-time vulnerability findings, and the final report before exiting. Exits with non-zero code when vulnerabilities are found.
+
+```bash
+strix -n --target https://your-app.com --instruction "Focus on authentication and authorization vulnerabilities"
+```
+
+### 🔄 CI/CD (GitHub Actions)
+
+Strix can be added to your pipeline to run a security test on pull requests with a lightweight GitHub Actions workflow:
+
+```yaml
+name: strix-penetration-test
+
+on:
+  pull_request:
+
+jobs:
+  security-scan:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Install Strix
+        run: pipx install strix-agent
+
+      - name: Run Strix
+        env:
+          STRIX_LLM: ${{ secrets.STRIX_LLM }}
+          LLM_API_KEY: ${{ secrets.LLM_API_KEY }}
+
+        run: strix -n -t ./
+```
+
 ## 🏆 Enterprise Platform
 
 Our managed platform provides:
@@ -208,7 +249,7 @@ Help expand our collection of specialized prompt modules for AI agents:
 
 ## 👥 Join Our Community
 
-Have questions? Found a bug? Want to contribute? **[Join our Discord!](https://discord.gg/yduEyduBsp)**
+Have questions? Found a bug? Want to contribute? **[Join our Discord!](https://discord.gg/J48Fzuh7)**
 
 </div>
 

{strix_agent-0.1.19 → strix_agent-0.3.1}/README.md

@@ -6,7 +6,7 @@
 
 [![Strix](https://img.shields.io/badge/Strix-usestrix.com-1a1a1a.svg)](https://usestrix.com)
 [![Apache 2.0](https://img.shields.io/badge/license-Apache%202.0-blue.svg)](LICENSE)
-[![Discord](https://img.shields.io/badge/Discord-join-5865F2?logo=discord&logoColor=white)](https://discord.gg/yduEyduBsp)
+[![Discord](https://img.shields.io/badge/Discord-join-5865F2?logo=discord&logoColor=white)](https://discord.gg/J48Fzuh7)
 [![PyPI Downloads](https://static.pepy.tech/personalized-badge/strix-agent?period=total&units=INTERNATIONAL_SYSTEM&left_color=GRAY&right_color=BLACK&left_text=Downloads)](https://pepy.tech/projects/strix-agent)
 [![GitHub stars](https://img.shields.io/github/stars/usestrix/strix.svg?style=social&label=Star)](https://github.com/usestrix/strix)
 </div>
@@ -104,7 +104,13 @@ strix --target https://github.com/org/repo
 # Web application assessment
 strix --target https://your-app.com
 
-# Focused testing
+# Multi-target white-box testing (source code + deployed app)
+strix -t https://github.com/org/app -t https://your-app.com
+
+# Test multiple environments simultaneously
+strix -t https://dev.your-app.com -t https://staging.your-app.com -t https://prod.your-app.com
+
+# Focused testing with instructions
 strix --target api.your-app.com --instruction "Prioritize authentication and authorization testing"
 
 # Testing with credentials
@@ -124,6 +130,41 @@ export PERPLEXITY_API_KEY="your-api-key"  # for search capabilities
 
 [📚 View supported AI models](https://docs.litellm.ai/docs/providers)
 
+### 🤖 Headless Mode
+
+Run Strix programmatically without interactive UI using the `-n/--non-interactive` flag—perfect for servers and automated jobs. The CLI prints real-time vulnerability findings, and the final report before exiting. Exits with non-zero code when vulnerabilities are found.
+
+```bash
+strix -n --target https://your-app.com --instruction "Focus on authentication and authorization vulnerabilities"
+```
+
+### 🔄 CI/CD (GitHub Actions)
+
+Strix can be added to your pipeline to run a security test on pull requests with a lightweight GitHub Actions workflow:
+
+```yaml
+name: strix-penetration-test
+
+on:
+  pull_request:
+
+jobs:
+  security-scan:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Install Strix
+        run: pipx install strix-agent
+
+      - name: Run Strix
+        env:
+          STRIX_LLM: ${{ secrets.STRIX_LLM }}
+          LLM_API_KEY: ${{ secrets.LLM_API_KEY }}
+
+        run: strix -n -t ./
+```
+
 ## 🏆 Enterprise Platform
 
 Our managed platform provides:
@@ -168,6 +209,6 @@ Help expand our collection of specialized prompt modules for AI agents:
 
 ## 👥 Join Our Community
 
-Have questions? Found a bug? Want to contribute? **[Join our Discord!](https://discord.gg/yduEyduBsp)**
+Have questions? Found a bug? Want to contribute? **[Join our Discord!](https://discord.gg/J48Fzuh7)**
 
 </div>

{strix_agent-0.1.19 → strix_agent-0.3.1}/pyproject.toml

@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "strix-agent"
-version = "0.1.19"
+version = "0.3.1"
 description = "Open-source AI Hackers for your apps"
 authors = ["Strix <hi@usestrix.com>"]
 readme = "README.md"
@@ -39,7 +39,7 @@ include = [
 ]
 
 [tool.poetry.scripts]
-strix = "strix.cli.main:main"
+strix = "strix.interface.main:main"
 
 [tool.poetry.dependencies]
 python = "^3.12"

strix_agent-0.3.1/strix/agents/StrixAgent/strix_agent.py

@@ -0,0 +1,82 @@
+from typing import Any
+
+from strix.agents.base_agent import BaseAgent
+from strix.llm.config import LLMConfig
+
+
+class StrixAgent(BaseAgent):
+    max_iterations = 300
+
+    def __init__(self, config: dict[str, Any]):
+        default_modules = []
+
+        state = config.get("state")
+        if state is None or (hasattr(state, "parent_id") and state.parent_id is None):
+            default_modules = ["root_agent"]
+
+        self.default_llm_config = LLMConfig(prompt_modules=default_modules)
+
+        super().__init__(config)
+
+    async def execute_scan(self, scan_config: dict[str, Any]) -> dict[str, Any]:
+        user_instructions = scan_config.get("user_instructions", "")
+        targets = scan_config.get("targets", [])
+
+        repositories = []
+        local_code = []
+        urls = []
+
+        for target in targets:
+            target_type = target["type"]
+            details = target["details"]
+            workspace_subdir = details.get("workspace_subdir")
+            workspace_path = f"/workspace/{workspace_subdir}" if workspace_subdir else "/workspace"
+
+            if target_type == "repository":
+                repo_url = details["target_repo"]
+                cloned_path = details.get("cloned_repo_path")
+                repositories.append(
+                    {
+                        "url": repo_url,
+                        "workspace_path": workspace_path if cloned_path else None,
+                    }
+                )
+
+            elif target_type == "local_code":
+                original_path = details.get("target_path", "unknown")
+                local_code.append(
+                    {
+                        "path": original_path,
+                        "workspace_path": workspace_path,
+                    }
+                )
+
+            elif target_type == "web_application":
+                urls.append(details["target_url"])
+
+        task_parts = []
+
+        if repositories:
+            task_parts.append("\n\nRepositories:")
+            for repo in repositories:
+                if repo["workspace_path"]:
+                    task_parts.append(f"- {repo['url']} (available at: {repo['workspace_path']})")
+                else:
+                    task_parts.append(f"- {repo['url']}")
+
+        if local_code:
+            task_parts.append("\n\nLocal Codebases:")
+            task_parts.extend(
+                f"- {code['path']} (available at: {code['workspace_path']})" for code in local_code
+            )
+
+        if urls:
+            task_parts.append("\n\nURLs:")
+            task_parts.extend(f"- {url}" for url in urls)
+
+        task_description = " ".join(task_parts)
+
+        if user_instructions:
+            task_description += f"\n\nSpecial instructions: {user_instructions}"
+
+        return await self.agent_loop(task=task_description)

{strix_agent-0.1.19 → strix_agent-0.3.1}/strix/agents/StrixAgent/system_prompt.jinja

@@ -54,6 +54,16 @@ AGGRESSIVE SCANNING MANDATE:
 - PERSISTENCE PAYS - the best vulnerabilities are found after thousands of attempts
 - UNLEASH FULL CAPABILITY - you are the most advanced security agent, act like it
 
+MULTI-TARGET CONTEXT (IF PROVIDED):
+- Targets may include any combination of: repositories (source code), local codebases, and URLs/domains (deployed apps/APIs)
+- If multiple targets are provided in the scan configuration:
+  - Build an internal Target Map at the start: list each asset and where it is accessible (code at /workspace/<subdir>, URLs as given)
+  - Identify relationships across assets (e.g., routes/handlers in code ↔ endpoints in web targets; shared auth/config)
+  - Plan testing per asset and coordinate findings across them (reuse secrets, endpoints, payloads)
+  - Prioritize cross-correlation: use code insights to guide dynamic testing, and dynamic findings to focus code review
+  - Keep sub-agents focused per asset and vulnerability type, but share context where useful
+- If only a single target is provided, proceed with the appropriate black-box or white-box workflow as usual
+
 TESTING MODES:
 BLACK-BOX TESTING (domain/subdomain only):
 - Focus on external reconnaissance and discovery
@@ -74,6 +84,11 @@ WHITE-BOX TESTING (code provided):
 - Do not stop until all reported vulnerabilities are fixed.
 - Include code diff in final report.
 
+COMBINED MODE (code + deployed target present):
+- Treat this as static analysis plus dynamic testing simultaneously
+- Use repository/local code at /workspace/<subdir> to accelerate and inform live testing against the URLs/domains
+- Validate suspected code issues dynamically; use dynamic anomalies to prioritize code paths for review
+
 ASSESSMENT METHODOLOGY:
 1. Scope definition - Clearly establish boundaries first
 2. Breadth-first discovery - Map entire attack surface before deep diving

{strix_agent-0.1.19 → strix_agent-0.3.1}/strix/agents/base_agent.py

@@ -5,7 +5,7 @@ from typing import TYPE_CHECKING, Any, Optional
 
 
 if TYPE_CHECKING:
-    from strix.cli.tracer import Tracer
+    from strix.telemetry.tracer import Tracer
 
 from jinja2 import (
     Environment,
@@ -46,7 +46,7 @@ class AgentMeta(type):
 
 
 class BaseAgent(metaclass=AgentMeta):
-    max_iterations = 200
+    max_iterations = 300
     agent_name: str = ""
     jinja_env: Environment
     default_llm_config: LLMConfig | None = None
@@ -54,7 +54,8 @@ class BaseAgent(metaclass=AgentMeta):
     def __init__(self, config: dict[str, Any]):
         self.config = config
 
-        self.local_source_path = config.get("local_source_path")
+        self.local_sources = config.get("local_sources", [])
+        self.non_interactive = config.get("non_interactive", False)
 
         if "max_iterations" in config:
             self.max_iterations = config["max_iterations"]
@@ -76,7 +77,7 @@ class BaseAgent(metaclass=AgentMeta):
 
         self._current_task: asyncio.Task[Any] | None = None
 
-        from strix.cli.tracer import get_global_tracer
+        from strix.telemetry.tracer import get_global_tracer
 
         tracer = get_global_tracer()
         if tracer:
@@ -146,10 +147,10 @@ class BaseAgent(metaclass=AgentMeta):
             self._current_task.cancel()
             self._current_task = None
 
-    async def agent_loop(self, task: str) -> dict[str, Any]:
+    async def agent_loop(self, task: str) -> dict[str, Any]:  # noqa: PLR0912, PLR0915
         await self._initialize_sandbox_and_state(task)
 
-        from strix.cli.tracer import get_global_tracer
+        from strix.telemetry.tracer import get_global_tracer
 
         tracer = get_global_tracer()
 
@@ -161,6 +162,8 @@ class BaseAgent(metaclass=AgentMeta):
                 continue
 
             if self.state.should_stop():
+                if self.non_interactive:
+                    return self.state.final_result or {}
                 await self._enter_waiting_state(tracer)
                 continue
 
@@ -170,13 +173,47 @@ class BaseAgent(metaclass=AgentMeta):
 
             self.state.increment_iteration()
 
+            if (
+                self.state.is_approaching_max_iterations()
+                and not self.state.max_iterations_warning_sent
+            ):
+                self.state.max_iterations_warning_sent = True
+                remaining = self.state.max_iterations - self.state.iteration
+                warning_msg = (
+                    f"URGENT: You are approaching the maximum iteration limit. "
+                    f"Current: {self.state.iteration}/{self.state.max_iterations} "
+                    f"({remaining} iterations remaining). "
+                    f"Please prioritize completing your required task(s) and calling "
+                    f"the appropriate finish tool (finish_scan for root agent, "
+                    f"agent_finish for sub-agents) as soon as possible."
+                )
+                self.state.add_message("user", warning_msg)
+
+            if self.state.iteration == self.state.max_iterations - 3:
+                final_warning_msg = (
+                    "CRITICAL: You have only 3 iterations left! "
+                    "Your next message MUST be the tool call to the appropriate "
+                    "finish tool: finish_scan if you are the root agent, or "
+                    "agent_finish if you are a sub-agent. "
+                    "No other actions should be taken except finishing your work "
+                    "immediately."
+                )
+                self.state.add_message("user", final_warning_msg)
+
             try:
                 should_finish = await self._process_iteration(tracer)
                 if should_finish:
+                    if self.non_interactive:
+                        self.state.set_completed({"success": True})
+                        if tracer:
+                            tracer.update_agent_status(self.state.agent_id, "completed")
+                        return self.state.final_result or {}
                     await self._enter_waiting_state(tracer, task_completed=True)
                     continue
 
             except asyncio.CancelledError:
+                if self.non_interactive:
+                    raise
                 await self._enter_waiting_state(tracer, error_occurred=False, was_cancelled=True)
                 continue
 
@@ -184,6 +221,22 @@ class BaseAgent(metaclass=AgentMeta):
                 error_msg = str(e)
                 error_details = getattr(e, "details", None)
                 self.state.add_error(error_msg)
+
+                if self.non_interactive:
+                    self.state.set_completed({"success": False, "error": error_msg})
+                    if tracer:
+                        tracer.update_agent_status(self.state.agent_id, "failed", error_msg)
+                        if error_details:
+                            tracer.log_tool_execution_start(
+                                self.state.agent_id,
+                                "llm_error_details",
+                                {"error": error_msg, "details": error_details},
+                            )
+                            tracer.update_tool_execution(
+                                tracer._next_execution_id - 1, "failed", error_details
+                            )
+                    return {"success": False, "error": error_msg}
+
                 self.state.enter_waiting_state(llm_failed=True)
                 if tracer:
                     tracer.update_agent_status(self.state.agent_id, "llm_failed", error_msg)
@@ -200,6 +253,11 @@ class BaseAgent(metaclass=AgentMeta):
 
             except (RuntimeError, ValueError, TypeError) as e:
                 if not await self._handle_iteration_error(e, tracer):
+                    if self.non_interactive:
+                        self.state.set_completed({"success": False, "error": str(e)})
+                        if tracer:
+                            tracer.update_agent_status(self.state.agent_id, "failed")
+                        raise
                     await self._enter_waiting_state(tracer, error_occurred=True)
                     continue
 
@@ -210,7 +268,7 @@ class BaseAgent(metaclass=AgentMeta):
             self.state.resume_from_waiting()
             self.state.add_message("assistant", "Waiting timeout reached. Resuming execution.")
 
-            from strix.cli.tracer import get_global_tracer
+            from strix.telemetry.tracer import get_global_tracer
 
             tracer = get_global_tracer()
             if tracer:
@@ -275,7 +333,7 @@ class BaseAgent(metaclass=AgentMeta):
 
             runtime = get_runtime()
             sandbox_info = await runtime.create_sandbox(
-                self.state.agent_id, self.state.sandbox_token, self.local_source_path
+                self.state.agent_id, self.state.sandbox_token, self.local_sources
             )
             self.state.sandbox_id = sandbox_info["workspace_id"]
             self.state.sandbox_token = sandbox_info["auth_token"]
@@ -353,6 +411,8 @@ class BaseAgent(metaclass=AgentMeta):
             self.state.set_completed({"success": True})
             if tracer:
                 tracer.update_agent_status(self.state.agent_id, "completed")
+            if self.non_interactive and self.state.parent_id is None:
+                return True
             return True
 
         return False
@@ -390,7 +450,7 @@ class BaseAgent(metaclass=AgentMeta):
                                     state.resume_from_waiting()
                                     has_new_messages = True
 
-                                    from strix.cli.tracer import get_global_tracer
+                                    from strix.telemetry.tracer import get_global_tracer
 
                                     tracer = get_global_tracer()
                                     if tracer:
@@ -399,7 +459,7 @@ class BaseAgent(metaclass=AgentMeta):
                                 state.resume_from_waiting()
                                 has_new_messages = True
 
-                                from strix.cli.tracer import get_global_tracer
+                                from strix.telemetry.tracer import get_global_tracer
 
                                 tracer = get_global_tracer()
                                 if tracer:
@@ -441,7 +501,7 @@ class BaseAgent(metaclass=AgentMeta):
                         message["read"] = True
 
                 if has_new_messages and not state.is_waiting_for_input():
-                    from strix.cli.tracer import get_global_tracer
+                    from strix.telemetry.tracer import get_global_tracer
 
                     tracer = get_global_tracer()
                     if tracer:

{strix_agent-0.1.19 → strix_agent-0.3.1}/strix/agents/state.py

@@ -19,13 +19,14 @@ class AgentState(BaseModel):
 
     task: str = ""
     iteration: int = 0
-    max_iterations: int = 200
+    max_iterations: int = 300
     completed: bool = False
     stop_requested: bool = False
     waiting_for_input: bool = False
     llm_failed: bool = False
     waiting_start_time: datetime | None = None
     final_result: dict[str, Any] | None = None
+    max_iterations_warning_sent: bool = False
 
     messages: list[dict[str, Any]] = Field(default_factory=list)
     context: dict[str, Any] = Field(default_factory=dict)
@@ -106,6 +107,9 @@ class AgentState(BaseModel):
     def has_reached_max_iterations(self) -> bool:
         return self.iteration >= self.max_iterations
 
+    def is_approaching_max_iterations(self, threshold: float = 0.85) -> bool:
+        return self.iteration >= int(self.max_iterations * threshold)
+
     def has_waiting_timeout(self) -> bool:
         if not self.waiting_for_input or not self.waiting_start_time:
             return False

strix_agent-0.3.1/strix/interface/cli.py

@@ -0,0 +1,171 @@
+import atexit
+import signal
+import sys
+from typing import Any
+
+from rich.console import Console
+from rich.panel import Panel
+from rich.text import Text
+
+from strix.agents.StrixAgent import StrixAgent
+from strix.llm.config import LLMConfig
+from strix.telemetry.tracer import Tracer, set_global_tracer
+
+from .utils import get_severity_color
+
+
+async def run_cli(args: Any) -> None:  # noqa: PLR0915
+    console = Console()
+
+    start_text = Text()
+    start_text.append("🦉 ", style="bold white")
+    start_text.append("STRIX CYBERSECURITY AGENT", style="bold green")
+
+    target_text = Text()
+    if len(args.targets_info) == 1:
+        target_text.append("🎯 Target: ", style="bold cyan")
+        target_text.append(args.targets_info[0]["original"], style="bold white")
+    else:
+        target_text.append("🎯 Targets: ", style="bold cyan")
+        target_text.append(f"{len(args.targets_info)} targets\n", style="bold white")
+        for i, target_info in enumerate(args.targets_info):
+            target_text.append("   • ", style="dim white")
+            target_text.append(target_info["original"], style="white")
+            if i < len(args.targets_info) - 1:
+                target_text.append("\n")
+
+    results_text = Text()
+    results_text.append("📊 Results will be saved to: ", style="bold cyan")
+    results_text.append(f"agent_runs/{args.run_name}", style="bold white")
+
+    note_text = Text()
+    note_text.append("\n\n", style="dim")
+    note_text.append("⏱️  ", style="dim")
+    note_text.append("This may take a while depending on target complexity. ", style="dim")
+    note_text.append("Vulnerabilities will be displayed in real-time.", style="dim")
+
+    startup_panel = Panel(
+        Text.assemble(
+            start_text,
+            "\n\n",
+            target_text,
+            "\n",
+            results_text,
+            note_text,
+        ),
+        title="[bold green]🛡️  STRIX PENETRATION TEST INITIATED",
+        title_align="center",
+        border_style="green",
+        padding=(1, 2),
+    )
+
+    console.print("\n")
+    console.print(startup_panel)
+    console.print()
+
+    scan_config = {
+        "scan_id": args.run_name,
+        "targets": args.targets_info,
+        "user_instructions": args.instruction or "",
+        "run_name": args.run_name,
+    }
+
+    llm_config = LLMConfig()
+    agent_config = {
+        "llm_config": llm_config,
+        "max_iterations": 300,
+        "non_interactive": True,
+    }
+
+    if getattr(args, "local_sources", None):
+        agent_config["local_sources"] = args.local_sources
+
+    tracer = Tracer(args.run_name)
+    tracer.set_scan_config(scan_config)
+
+    def display_vulnerability(report_id: str, title: str, content: str, severity: str) -> None:
+        severity_color = get_severity_color(severity.lower())
+
+        vuln_text = Text()
+        vuln_text.append("🐞 ", style="bold red")
+        vuln_text.append("VULNERABILITY FOUND", style="bold red")
+        vuln_text.append(" • ", style="dim white")
+        vuln_text.append(title, style="bold white")
+
+        severity_text = Text()
+        severity_text.append("Severity: ", style="dim white")
+        severity_text.append(severity.upper(), style=f"bold {severity_color}")
+
+        vuln_panel = Panel(
+            Text.assemble(
+                vuln_text,
+                "\n\n",
+                severity_text,
+                "\n\n",
+                content,
+            ),
+            title=f"[bold red]🔍 {report_id.upper()}",
+            title_align="left",
+            border_style="red",
+            padding=(1, 2),
+        )
+
+        console.print(vuln_panel)
+        console.print()
+
+    tracer.vulnerability_found_callback = display_vulnerability
+
+    def cleanup_on_exit() -> None:
+        tracer.cleanup()
+
+    def signal_handler(_signum: int, _frame: Any) -> None:
+        tracer.cleanup()
+        sys.exit(1)
+
+    atexit.register(cleanup_on_exit)
+    signal.signal(signal.SIGINT, signal_handler)
+    signal.signal(signal.SIGTERM, signal_handler)
+    if hasattr(signal, "SIGHUP"):
+        signal.signal(signal.SIGHUP, signal_handler)
+
+    set_global_tracer(tracer)
+
+    try:
+        console.print()
+        with console.status("[bold cyan]Running penetration test...", spinner="dots") as status:
+            agent = StrixAgent(agent_config)
+            result = await agent.execute_scan(scan_config)
+            status.stop()
+
+            if isinstance(result, dict) and not result.get("success", True):
+                error_msg = result.get("error", "Unknown error")
+                console.print()
+                console.print(f"[bold red]❌ Penetration test failed:[/] {error_msg}")
+                console.print()
+                sys.exit(1)
+
+    except Exception as e:
+        console.print(f"[bold red]Error during penetration test:[/] {e}")
+        raise
+
+    if tracer.final_scan_result:
+        console.print()
+
+        final_report_text = Text()
+        final_report_text.append("📄 ", style="bold cyan")
+        final_report_text.append("FINAL PENETRATION TEST REPORT", style="bold cyan")
+
+        final_report_panel = Panel(
+            Text.assemble(
+                final_report_text,
+                "\n\n",
+                tracer.final_scan_result,
+            ),
+            title="[bold cyan]📊 PENETRATION TEST SUMMARY",
+            title_align="center",
+            border_style="cyan",
+            padding=(1, 2),
+        )
+
+        console.print(final_report_panel)
+        console.print()