strix-agent 0.4.0__py3-none-any.whl → 0.6.2__py3-none-any.whl

strix/agents/StrixAgent/strix_agent.py

@@ -8,13 +8,13 @@ class StrixAgent(BaseAgent):
     max_iterations = 300
 
     def __init__(self, config: dict[str, Any]):
-        default_modules = []
+        default_skills = []
 
         state = config.get("state")
         if state is None or (hasattr(state, "parent_id") and state.parent_id is None):
-            default_modules = ["root_agent"]
+            default_skills = ["root_agent"]
 
-        self.default_llm_config = LLMConfig(prompt_modules=default_modules)
+        self.default_llm_config = LLMConfig(skills=default_skills)
 
         super().__init__(config)
 

strix/agents/StrixAgent/system_prompt.jinja

@@ -10,15 +10,15 @@ You follow all instructions and rules provided to you exactly as written in the
 
 <communication_rules>
 CLI OUTPUT:
-- Never use markdown formatting - you are a CLI agent
-- Output plain text only (no **bold**, `code`, [links], # headers)
+- You may use simple markdown: **bold**, *italic*, `code`, ~~strikethrough~~, [links](url), and # headers
+- Do NOT use complex markdown like bullet lists, numbered lists, or tables
 - Use line breaks and indentation for structure
 - NEVER use "Strix" or any identifiable names/markers in HTTP requests, payloads, user-agents, or any inputs
 
 INTER-AGENT MESSAGES:
-- NEVER echo inter_agent_message or agent_completion_report XML content that is sent to you in your output.
-- Process these internally without displaying the XML
-- NEVER echo agent_identity XML blocks; treat them as internal metadata for identity only. Do not include them in outputs or tool calls.
+- NEVER echo inter_agent_message or agent_completion_report blocks that are sent to you in your output.
+- Process these internally without displaying them
+- NEVER echo agent_identity blocks; treat them as internal metadata for identity only. Do not include them in outputs or tool calls.
 - Minimize inter-agent messaging: only message when essential for coordination or assistance; avoid routine status updates; batch non-urgent information; prefer parent/child completion flows and shared artifacts over messaging
 
 AUTONOMOUS BEHAVIOR:
@@ -134,6 +134,7 @@ VALIDATION REQUIREMENTS:
 - Keep going until you find something that matters
 - A vulnerability is ONLY considered reported when a reporting agent uses create_vulnerability_report with full details. Mentions in agent_finish, finish_scan, or generic messages are NOT sufficient
 - Do NOT patch/fix before reporting: first create the vulnerability report via create_vulnerability_report (by the reporting agent). Only after reporting is completed should fixing/patching proceed
+- DEDUPLICATION: The create_vulnerability_report tool uses LLM-based deduplication. If it rejects your report as a duplicate, DO NOT attempt to re-submit the same vulnerability. Accept the rejection and move on to testing other areas. The vulnerability has already been reported by another agent
 </execution_guidelines>
 
 <vulnerability_focus>
@@ -263,25 +264,25 @@ CRITICAL RULES:
 - **ONE AGENT = ONE TASK** - Don't let agents do multiple unrelated jobs
 - **SPAWN REACTIVELY** - Create new agents based on what you discover
 - **ONLY REPORTING AGENTS** can use create_vulnerability_report tool
-- **AGENT SPECIALIZATION MANDATORY** - Each agent must be highly specialized; prefer 1–3 prompt modules, up to 5 for complex contexts
+- **AGENT SPECIALIZATION MANDATORY** - Each agent must be highly specialized; prefer 1–3 skills, up to 5 for complex contexts
 - **NO GENERIC AGENTS** - Avoid creating broad, multi-purpose agents that dilute focus
 
 AGENT SPECIALIZATION EXAMPLES:
 
 GOOD SPECIALIZATION:
-- "SQLi Validation Agent" with prompt_modules: sql_injection
-- "XSS Discovery Agent" with prompt_modules: xss
-- "Auth Testing Agent" with prompt_modules: authentication_jwt, business_logic
-- "SSRF + XXE Agent" with prompt_modules: ssrf, xxe, rce (related attack vectors)
+- "SQLi Validation Agent" with skills: sql_injection
+- "XSS Discovery Agent" with skills: xss
+- "Auth Testing Agent" with skills: authentication_jwt, business_logic
+- "SSRF + XXE Agent" with skills: ssrf, xxe, rce (related attack vectors)
 
 BAD SPECIALIZATION:
-- "General Web Testing Agent" with prompt_modules: sql_injection, xss, csrf, ssrf, authentication_jwt (too broad)
-- "Everything Agent" with prompt_modules: all available modules (completely unfocused)
-- Any agent with more than 5 prompt modules (violates constraints)
+- "General Web Testing Agent" with skills: sql_injection, xss, csrf, ssrf, authentication_jwt (too broad)
+- "Everything Agent" with skills: all available skills (completely unfocused)
+- Any agent with more than 5 skills (violates constraints)
 
 FOCUS PRINCIPLES:
 - Each agent should have deep expertise in 1-3 related vulnerability types
-- Agents with single modules have the deepest specialization
+- Agents with single skills have the deepest specialization
 - Related vulnerabilities (like SSRF+XXE or Auth+Business Logic) can be combined
 - Never create "kitchen sink" agents that try to do everything
 
@@ -300,36 +301,39 @@ PERSISTENCE IS MANDATORY:
 </multi_agent_system>
 
 <tool_usage>
-Tool calls use XML format:
+Tool call format:
 <function=tool_name>
 <parameter=param_name>value</parameter>
 </function>
 
 CRITICAL RULES:
 0. While active in the agent loop, EVERY message you output MUST be a single tool call. Do not send plain text-only responses.
-1. One tool call per message
+1. Exactly one tool call per message — never include more than one <function>...</function> block in a single LLM message.
 2. Tool call must be last in message
-3. End response after </function> tag. It's your stop word. Do not continue after it.
-4. Use ONLY the exact XML format shown above. NEVER use JSON/YAML/INI or any other syntax for tools or parameters.
-5. Tool names must match exactly the tool "name" defined (no module prefixes, dots, or variants).
+3. EVERY tool call MUST end with </function>. This is MANDATORY. Never omit the closing tag. End your response immediately after </function>.
+4. Use ONLY the exact format shown above. NEVER use JSON/YAML/INI or any other syntax for tools or parameters.
+5. When sending ANY multi-line content in tool parameters, use real newlines (actual line breaks). Do NOT emit literal "\n" sequences. Literal "\n" instead of real line breaks will cause tools to fail.
+6. Tool names must match exactly the tool "name" defined (no module prefixes, dots, or variants).
    - Correct: <function=think> ... </function>
    - Incorrect: <thinking_tools.think> ... </function>
    - Incorrect: <think> ... </think>
    - Incorrect: {"think": {...}}
-6. Parameters must use <parameter=param_name>value</parameter> exactly. Do NOT pass parameters as JSON or key:value lines. Do NOT add quotes/braces around values.
-7. Do NOT wrap tool calls in markdown/code fences or add any text before or after the tool block.
+7. Parameters must use <parameter=param_name>value</parameter> exactly. Do NOT pass parameters as JSON or key:value lines. Do NOT add quotes/braces around values.
+8. Do NOT wrap tool calls in markdown/code fences or add any text before or after the tool block.
 
 Example (agent creation tool):
 <function=create_agent>
 <parameter=task>Perform targeted XSS testing on the search endpoint</parameter>
 <parameter=name>XSS Discovery Agent</parameter>
-<parameter=prompt_modules>xss</parameter>
+<parameter=skills>xss</parameter>
 </function>
 
 SPRAYING EXECUTION NOTE:
 - When performing large payload sprays or fuzzing, encapsulate the entire spraying loop inside a single python or terminal tool call (e.g., a Python script using asyncio/aiohttp). Do not issue one tool call per payload.
 - Favor batch-mode CLI tools (sqlmap, ffuf, nuclei, zaproxy, arjun) where appropriate and check traffic via the proxy when beneficial
 
+REMINDER: Always close each tool call with </function> before going into the next. Incomplete tool calls will fail.
+
 {{ get_tools_prompt() }}
 </tool_usage>
 
@@ -392,12 +396,12 @@ Directories:
 Default user: pentester (sudo available)
 </environment>
 
-{% if loaded_module_names %}
+{% if loaded_skill_names %}
 <specialized_knowledge>
-{# Dynamic prompt modules loaded based on agent specialization #}
+{# Dynamic skills loaded based on agent specialization #}
 
-{% for module_name in loaded_module_names %}
-{{ get_module(module_name) }}
+{% for skill_name in loaded_skill_names %}
+{{ get_skill(skill_name) }}
 
 {% endfor %}
 </specialized_knowledge>

strix/agents/base_agent.py

@@ -1,7 +1,6 @@
 import asyncio
 import contextlib
 import logging
-from pathlib import Path
 from typing import TYPE_CHECKING, Any, Optional
 
 
@@ -16,7 +15,9 @@ from jinja2 import (
 
 from strix.llm import LLM, LLMConfig, LLMRequestFailedError
 from strix.llm.utils import clean_content
+from strix.runtime import SandboxInitializationError
 from strix.tools import process_tool_invocations
+from strix.utils.resource_paths import get_strix_resource_path
 
 from .state import AgentState
 
@@ -34,8 +35,7 @@ class AgentMeta(type):
         if name == "BaseAgent":
             return new_cls
 
-        agents_dir = Path(__file__).parent
-        prompt_dir = agents_dir / name
+        prompt_dir = get_strix_resource_path("agents", name)
 
         new_cls.agent_name = name
         new_cls.jinja_env = Environment(
@@ -65,20 +65,21 @@ class BaseAgent(metaclass=AgentMeta):
         self.llm_config = config.get("llm_config", self.default_llm_config)
         if self.llm_config is None:
             raise ValueError("llm_config is required but not provided")
-        self.llm = LLM(self.llm_config, agent_name=self.agent_name)
-
         state_from_config = config.get("state")
         if state_from_config is not None:
             self.state = state_from_config
         else:
             self.state = AgentState(
-                agent_name=self.agent_name,
+                agent_name="Root Agent",
                 max_iterations=self.max_iterations,
             )
 
+        self.llm = LLM(self.llm_config, agent_name=self.agent_name)
+
         with contextlib.suppress(Exception):
-            self.llm.set_agent_identity(self.agent_name, self.state.agent_id)
+            self.llm.set_agent_identity(self.state.agent_name, self.state.agent_id)
         self._current_task: asyncio.Task[Any] | None = None
+        self._force_stop = False
 
         from strix.telemetry.tracer import get_global_tracer
 
@@ -145,19 +146,22 @@ class BaseAgent(metaclass=AgentMeta):
         if self.state.parent_id is None and agents_graph_actions._root_agent_id is None:
             agents_graph_actions._root_agent_id = self.state.agent_id
 
-    def cancel_current_execution(self) -> None:
-        if self._current_task and not self._current_task.done():
-            self._current_task.cancel()
-            self._current_task = None
-
     async def agent_loop(self, task: str) -> dict[str, Any]:  # noqa: PLR0912, PLR0915
-        await self._initialize_sandbox_and_state(task)
-
         from strix.telemetry.tracer import get_global_tracer
 
         tracer = get_global_tracer()
 
+        try:
+            await self._initialize_sandbox_and_state(task)
+        except SandboxInitializationError as e:
+            return self._handle_sandbox_error(e, tracer)
+
         while True:
+            if self._force_stop:
+                self._force_stop = False
+                await self._enter_waiting_state(tracer, was_cancelled=True)
+                continue
+
             self._check_agent_messages(self.state)
 
             if self.state.is_waiting_for_input():
@@ -204,7 +208,11 @@ class BaseAgent(metaclass=AgentMeta):
                 self.state.add_message("user", final_warning_msg)
 
             try:
-                should_finish = await self._process_iteration(tracer)
+                iteration_task = asyncio.create_task(self._process_iteration(tracer))
+                self._current_task = iteration_task
+                should_finish = await iteration_task
+                self._current_task = None
+
                 if should_finish:
                     if self.non_interactive:
                         self.state.set_completed({"success": True})
@@ -215,43 +223,22 @@ class BaseAgent(metaclass=AgentMeta):
                     continue
 
             except asyncio.CancelledError:
+                self._current_task = None
+                if tracer:
+                    partial_content = tracer.finalize_streaming_as_interrupted(self.state.agent_id)
+                    if partial_content and partial_content.strip():
+                        self.state.add_message(
+                            "assistant", f"{partial_content}\n\n[ABORTED BY USER]"
+                        )
                 if self.non_interactive:
                     raise
                 await self._enter_waiting_state(tracer, error_occurred=False, was_cancelled=True)
                 continue
 
             except LLMRequestFailedError as e:
-                error_msg = str(e)
-                error_details = getattr(e, "details", None)
-                self.state.add_error(error_msg)
-
-                if self.non_interactive:
-                    self.state.set_completed({"success": False, "error": error_msg})
-                    if tracer:
-                        tracer.update_agent_status(self.state.agent_id, "failed", error_msg)
-                        if error_details:
-                            tracer.log_tool_execution_start(
-                                self.state.agent_id,
-                                "llm_error_details",
-                                {"error": error_msg, "details": error_details},
-                            )
-                            tracer.update_tool_execution(
-                                tracer._next_execution_id - 1, "failed", error_details
-                            )
-                    return {"success": False, "error": error_msg}
-
-                self.state.enter_waiting_state(llm_failed=True)
-                if tracer:
-                    tracer.update_agent_status(self.state.agent_id, "llm_failed", error_msg)
-                    if error_details:
-                        tracer.log_tool_execution_start(
-                            self.state.agent_id,
-                            "llm_error_details",
-                            {"error": error_msg, "details": error_details},
-                        )
-                        tracer.update_tool_execution(
-                            tracer._next_execution_id - 1, "failed", error_details
-                        )
+                result = self._handle_llm_error(e, tracer)
+                if result is not None:
+                    return result
                 continue
 
             except (RuntimeError, ValueError, TypeError) as e:
@@ -265,11 +252,12 @@ class BaseAgent(metaclass=AgentMeta):
                     continue
 
     async def _wait_for_input(self) -> None:
-        import asyncio
+        if self._force_stop:
+            return
 
         if self.state.has_waiting_timeout():
             self.state.resume_from_waiting()
-            self.state.add_message("assistant", "Waiting timeout reached. Resuming execution.")
+            self.state.add_message("user", "Waiting timeout reached. Resuming execution.")
 
             from strix.telemetry.tracer import get_global_tracer
 
@@ -334,16 +322,22 @@ class BaseAgent(metaclass=AgentMeta):
         if not sandbox_mode and self.state.sandbox_id is None:
             from strix.runtime import get_runtime
 
-            runtime = get_runtime()
-            sandbox_info = await runtime.create_sandbox(
-                self.state.agent_id, self.state.sandbox_token, self.local_sources
-            )
-            self.state.sandbox_id = sandbox_info["workspace_id"]
-            self.state.sandbox_token = sandbox_info["auth_token"]
-            self.state.sandbox_info = sandbox_info
+            try:
+                runtime = get_runtime()
+                sandbox_info = await runtime.create_sandbox(
+                    self.state.agent_id, self.state.sandbox_token, self.local_sources
+                )
+                self.state.sandbox_id = sandbox_info["workspace_id"]
+                self.state.sandbox_token = sandbox_info["auth_token"]
+                self.state.sandbox_info = sandbox_info
+
+                if "agent_id" in sandbox_info:
+                    self.state.sandbox_info["agent_id"] = sandbox_info["agent_id"]
+            except Exception as e:
+                from strix.telemetry import posthog
 
-            if "agent_id" in sandbox_info:
-                self.state.sandbox_info["agent_id"] = sandbox_info["agent_id"]
+                posthog.error("sandbox_init_error", str(e))
+                raise
 
         if not self.state.task:
             self.state.task = task
@@ -351,9 +345,17 @@ class BaseAgent(metaclass=AgentMeta):
         self.state.add_message("user", task)
 
     async def _process_iteration(self, tracer: Optional["Tracer"]) -> bool:
-        response = await self.llm.generate(self.state.get_conversation_history())
+        final_response = None
+
+        async for response in self.llm.generate(self.state.get_conversation_history()):
+            final_response = response
+            if tracer and response.content:
+                tracer.update_streaming_content(self.state.agent_id, response.content)
+
+        if final_response is None:
+            return False
 
-        content_stripped = (response.content or "").strip()
+        content_stripped = (final_response.content or "").strip()
 
         if not content_stripped:
             corrective_message = (
@@ -369,17 +371,19 @@ class BaseAgent(metaclass=AgentMeta):
             self.state.add_message("user", corrective_message)
             return False
 
-        self.state.add_message("assistant", response.content)
+        thinking_blocks = getattr(final_response, "thinking_blocks", None)
+        self.state.add_message("assistant", final_response.content, thinking_blocks=thinking_blocks)
         if tracer:
+            tracer.clear_streaming_content(self.state.agent_id)
             tracer.log_chat_message(
-                content=clean_content(response.content),
+                content=clean_content(final_response.content),
                 role="assistant",
                 agent_id=self.state.agent_id,
             )
 
         actions = (
-            response.tool_invocations
-            if hasattr(response, "tool_invocations") and response.tool_invocations
+            final_response.tool_invocations
+            if hasattr(final_response, "tool_invocations") and final_response.tool_invocations
             else []
         )
 
@@ -420,18 +424,6 @@ class BaseAgent(metaclass=AgentMeta):
 
         return False
 
-    async def _handle_iteration_error(
-        self,
-        error: RuntimeError | ValueError | TypeError | asyncio.CancelledError,
-        tracer: Optional["Tracer"],
-    ) -> bool:
-        error_msg = f"Error in iteration {self.state.iteration}: {error!s}"
-        logger.exception(error_msg)
-        self.state.add_error(error_msg)
-        if tracer:
-            tracer.update_agent_status(self.state.agent_id, "error")
-        return True
-
     def _check_agent_messages(self, state: AgentState) -> None:  # noqa: PLR0912
         try:
             from strix.tools.agents_graph.agents_graph_actions import _agent_graph, _agent_messages
@@ -516,3 +508,95 @@ class BaseAgent(metaclass=AgentMeta):
             logger = logging.getLogger(__name__)
             logger.warning(f"Error checking agent messages: {e}")
             return
+
+    def _handle_sandbox_error(
+        self,
+        error: SandboxInitializationError,
+        tracer: Optional["Tracer"],
+    ) -> dict[str, Any]:
+        error_msg = str(error.message)
+        error_details = error.details
+        self.state.add_error(error_msg)
+
+        if self.non_interactive:
+            self.state.set_completed({"success": False, "error": error_msg})
+            if tracer:
+                tracer.update_agent_status(self.state.agent_id, "failed", error_msg)
+                if error_details:
+                    exec_id = tracer.log_tool_execution_start(
+                        self.state.agent_id,
+                        "sandbox_error_details",
+                        {"error": error_msg, "details": error_details},
+                    )
+                    tracer.update_tool_execution(exec_id, "failed", {"details": error_details})
+            return {"success": False, "error": error_msg, "details": error_details}
+
+        self.state.enter_waiting_state()
+        if tracer:
+            tracer.update_agent_status(self.state.agent_id, "sandbox_failed", error_msg)
+            if error_details:
+                exec_id = tracer.log_tool_execution_start(
+                    self.state.agent_id,
+                    "sandbox_error_details",
+                    {"error": error_msg, "details": error_details},
+                )
+                tracer.update_tool_execution(exec_id, "failed", {"details": error_details})
+
+        return {"success": False, "error": error_msg, "details": error_details}
+
+    def _handle_llm_error(
+        self,
+        error: LLMRequestFailedError,
+        tracer: Optional["Tracer"],
+    ) -> dict[str, Any] | None:
+        error_msg = str(error)
+        error_details = getattr(error, "details", None)
+        self.state.add_error(error_msg)
+
+        if self.non_interactive:
+            self.state.set_completed({"success": False, "error": error_msg})
+            if tracer:
+                tracer.update_agent_status(self.state.agent_id, "failed", error_msg)
+                if error_details:
+                    exec_id = tracer.log_tool_execution_start(
+                        self.state.agent_id,
+                        "llm_error_details",
+                        {"error": error_msg, "details": error_details},
+                    )
+                    tracer.update_tool_execution(exec_id, "failed", {"details": error_details})
+            return {"success": False, "error": error_msg}
+
+        self.state.enter_waiting_state(llm_failed=True)
+        if tracer:
+            tracer.update_agent_status(self.state.agent_id, "llm_failed", error_msg)
+            if error_details:
+                exec_id = tracer.log_tool_execution_start(
+                    self.state.agent_id,
+                    "llm_error_details",
+                    {"error": error_msg, "details": error_details},
+                )
+                tracer.update_tool_execution(exec_id, "failed", {"details": error_details})
+
+        return None
+
+    async def _handle_iteration_error(
+        self,
+        error: RuntimeError | ValueError | TypeError | asyncio.CancelledError,
+        tracer: Optional["Tracer"],
+    ) -> bool:
+        error_msg = f"Error in iteration {self.state.iteration}: {error!s}"
+        logger.exception(error_msg)
+        self.state.add_error(error_msg)
+        if tracer:
+            tracer.update_agent_status(self.state.agent_id, "error")
+        return True
+
+    def cancel_current_execution(self) -> None:
+        self._force_stop = True
+        if self._current_task and not self._current_task.done():
+            try:
+                loop = self._current_task.get_loop()
+                loop.call_soon_threadsafe(self._current_task.cancel)
+            except RuntimeError:
+                self._current_task.cancel()
+        self._current_task = None

strix/agents/state.py

@@ -43,8 +43,11 @@ class AgentState(BaseModel):
         self.iteration += 1
         self.last_updated = datetime.now(UTC).isoformat()
 
-    def add_message(self, role: str, content: Any) -> None:
-        self.messages.append({"role": role, "content": content})
+    def add_message(self, role: str, content: Any, thinking_blocks: list[dict[str, Any]] | None = None) -> None:
+        message = {"role": role, "content": content}
+        if thinking_blocks:
+            message["thinking_blocks"] = thinking_blocks
+        self.messages.append(message)
         self.last_updated = datetime.now(UTC).isoformat()
 
     def add_action(self, action: dict[str, Any]) -> None:

strix/config/__init__.py

@@ -0,0 +1,12 @@
+from strix.config.config import (
+    Config,
+    apply_saved_config,
+    save_current_config,
+)
+
+
+__all__ = [
+    "Config",
+    "apply_saved_config",
+    "save_current_config",
+]