strix-agent 0.4.0__py3-none-any.whl → 0.6.2__py3-none-any.whl

strix/interface/utils.py

@@ -38,6 +38,165 @@ def get_severity_color(severity: str) -> str:
     return severity_colors.get(severity, "#6b7280")
 
 
+def get_cvss_color(cvss_score: float) -> str:
+    if cvss_score >= 9.0:
+        return "#dc2626"
+    if cvss_score >= 7.0:
+        return "#ea580c"
+    if cvss_score >= 4.0:
+        return "#d97706"
+    if cvss_score >= 0.1:
+        return "#65a30d"
+    return "#6b7280"
+
+
+def format_vulnerability_report(report: dict[str, Any]) -> Text:  # noqa: PLR0912, PLR0915
+    """Format a vulnerability report for CLI display with all rich fields."""
+    field_style = "bold #4ade80"
+
+    text = Text()
+
+    title = report.get("title", "")
+    if title:
+        text.append("Vulnerability Report", style="bold #ea580c")
+        text.append("\n\n")
+        text.append("Title: ", style=field_style)
+        text.append(title)
+
+    severity = report.get("severity", "")
+    if severity:
+        text.append("\n\n")
+        text.append("Severity: ", style=field_style)
+        severity_color = get_severity_color(severity.lower())
+        text.append(severity.upper(), style=f"bold {severity_color}")
+
+    cvss = report.get("cvss")
+    if cvss is not None:
+        text.append("\n\n")
+        text.append("CVSS Score: ", style=field_style)
+        cvss_color = get_cvss_color(cvss)
+        text.append(f"{cvss:.1f}", style=f"bold {cvss_color}")
+
+    target = report.get("target")
+    if target:
+        text.append("\n\n")
+        text.append("Target: ", style=field_style)
+        text.append(target)
+
+    endpoint = report.get("endpoint")
+    if endpoint:
+        text.append("\n\n")
+        text.append("Endpoint: ", style=field_style)
+        text.append(endpoint)
+
+    method = report.get("method")
+    if method:
+        text.append("\n\n")
+        text.append("Method: ", style=field_style)
+        text.append(method)
+
+    cve = report.get("cve")
+    if cve:
+        text.append("\n\n")
+        text.append("CVE: ", style=field_style)
+        text.append(cve)
+
+    cvss_breakdown = report.get("cvss_breakdown", {})
+    if cvss_breakdown:
+        text.append("\n\n")
+        cvss_parts = []
+        if cvss_breakdown.get("attack_vector"):
+            cvss_parts.append(f"AV:{cvss_breakdown['attack_vector']}")
+        if cvss_breakdown.get("attack_complexity"):
+            cvss_parts.append(f"AC:{cvss_breakdown['attack_complexity']}")
+        if cvss_breakdown.get("privileges_required"):
+            cvss_parts.append(f"PR:{cvss_breakdown['privileges_required']}")
+        if cvss_breakdown.get("user_interaction"):
+            cvss_parts.append(f"UI:{cvss_breakdown['user_interaction']}")
+        if cvss_breakdown.get("scope"):
+            cvss_parts.append(f"S:{cvss_breakdown['scope']}")
+        if cvss_breakdown.get("confidentiality"):
+            cvss_parts.append(f"C:{cvss_breakdown['confidentiality']}")
+        if cvss_breakdown.get("integrity"):
+            cvss_parts.append(f"I:{cvss_breakdown['integrity']}")
+        if cvss_breakdown.get("availability"):
+            cvss_parts.append(f"A:{cvss_breakdown['availability']}")
+        if cvss_parts:
+            text.append("CVSS Vector: ", style=field_style)
+            text.append("/".join(cvss_parts), style="dim")
+
+    description = report.get("description")
+    if description:
+        text.append("\n\n")
+        text.append("Description", style=field_style)
+        text.append("\n")
+        text.append(description)
+
+    impact = report.get("impact")
+    if impact:
+        text.append("\n\n")
+        text.append("Impact", style=field_style)
+        text.append("\n")
+        text.append(impact)
+
+    technical_analysis = report.get("technical_analysis")
+    if technical_analysis:
+        text.append("\n\n")
+        text.append("Technical Analysis", style=field_style)
+        text.append("\n")
+        text.append(technical_analysis)
+
+    poc_description = report.get("poc_description")
+    if poc_description:
+        text.append("\n\n")
+        text.append("PoC Description", style=field_style)
+        text.append("\n")
+        text.append(poc_description)
+
+    poc_script_code = report.get("poc_script_code")
+    if poc_script_code:
+        text.append("\n\n")
+        text.append("PoC Code", style=field_style)
+        text.append("\n")
+        text.append(poc_script_code, style="dim")
+
+    code_file = report.get("code_file")
+    if code_file:
+        text.append("\n\n")
+        text.append("Code File: ", style=field_style)
+        text.append(code_file)
+
+    code_before = report.get("code_before")
+    if code_before:
+        text.append("\n\n")
+        text.append("Code Before", style=field_style)
+        text.append("\n")
+        text.append(code_before, style="dim")
+
+    code_after = report.get("code_after")
+    if code_after:
+        text.append("\n\n")
+        text.append("Code After", style=field_style)
+        text.append("\n")
+        text.append(code_after, style="dim")
+
+    code_diff = report.get("code_diff")
+    if code_diff:
+        text.append("\n\n")
+        text.append("Code Diff", style=field_style)
+        text.append("\n")
+        text.append(code_diff, style="dim")
+
+    remediation_steps = report.get("remediation_steps")
+    if remediation_steps:
+        text.append("\n\n")
+        text.append("Remediation", style=field_style)
+        text.append("\n")
+        text.append(remediation_steps)
+
+    return text
+
+
 def _build_vulnerability_stats(stats_text: Text, tracer: Any) -> None:
     """Build vulnerability section of stats text."""
     vuln_count = len(tracer.vulnerability_reports)
@@ -129,11 +288,17 @@ def build_final_stats_text(tracer: Any) -> Text:
     return stats_text
 
 
-def build_live_stats_text(tracer: Any) -> Text:
+def build_live_stats_text(tracer: Any, agent_config: dict[str, Any] | None = None) -> Text:
     stats_text = Text()
     if not tracer:
         return stats_text
 
+    if agent_config:
+        llm_config = agent_config["llm_config"]
+        model = getattr(llm_config, "model_name", "Unknown")
+        stats_text.append(f"🧠 Model: {model}")
+        stats_text.append("\n")
+
     vuln_count = len(tracer.vulnerability_reports)
     tool_count = tracer.get_real_tool_count()
     agent_count = len(tracer.agents)
@@ -196,6 +361,31 @@ def build_live_stats_text(tracer: Any) -> Text:
     return stats_text
 
 
+def build_tui_stats_text(tracer: Any, agent_config: dict[str, Any] | None = None) -> Text:
+    stats_text = Text()
+    if not tracer:
+        return stats_text
+
+    if agent_config:
+        llm_config = agent_config["llm_config"]
+        model = getattr(llm_config, "model_name", "Unknown")
+        stats_text.append(model, style="dim")
+
+    llm_stats = tracer.get_total_llm_stats()
+    total_stats = llm_stats["total"]
+
+    total_tokens = total_stats["input_tokens"] + total_stats["output_tokens"]
+    if total_tokens > 0:
+        stats_text.append("\n")
+        stats_text.append(f"{format_token_count(total_tokens)} tokens", style="dim")
+
+    if total_stats["cost"] > 0:
+        stats_text.append("\n")
+        stats_text.append(f"${total_stats['cost']:.2f} spent", style="dim")
+
+    return stats_text
+
+
 # Name generation utilities
 
 
@@ -398,6 +588,47 @@ def collect_local_sources(targets_info: list[dict[str, Any]]) -> list[dict[str,
     return local_sources
 
 
+def _is_localhost_host(host: str) -> bool:
+    host_lower = host.lower().strip("[]")
+
+    if host_lower in ("localhost", "0.0.0.0", "::1"):  # nosec B104
+        return True
+
+    try:
+        ip = ipaddress.ip_address(host_lower)
+        if isinstance(ip, ipaddress.IPv4Address):
+            return ip.is_loopback  # 127.0.0.0/8
+        if isinstance(ip, ipaddress.IPv6Address):
+            return ip.is_loopback  # ::1
+    except ValueError:
+        pass
+
+    return False
+
+
+def rewrite_localhost_targets(targets_info: list[dict[str, Any]], host_gateway: str) -> None:
+    from yarl import URL  # type: ignore[import-not-found]
+
+    for target_info in targets_info:
+        target_type = target_info.get("type")
+        details = target_info.get("details", {})
+
+        if target_type == "web_application":
+            target_url = details.get("target_url", "")
+            try:
+                url = URL(target_url)
+            except (ValueError, TypeError):
+                continue
+
+            if url.host and _is_localhost_host(url.host):
+                details["target_url"] = str(url.with_host(host_gateway))
+
+        elif target_type == "ip_address":
+            target_ip = details.get("target_ip", "")
+            if target_ip and _is_localhost_host(target_ip):
+                details["target_ip"] = host_gateway
+
+
 # Repository utilities
 def clone_repository(repo_url: str, run_name: str, dest_name: str | None = None) -> str:
     console = Console()
@@ -488,9 +719,10 @@ def check_docker_connection() -> Any:
         error_text.append("DOCKER NOT AVAILABLE", style="bold red")
         error_text.append("\n\n", style="white")
         error_text.append("Cannot connect to Docker daemon.\n", style="white")
-        error_text.append("Please ensure Docker is installed and running.\n\n", style="white")
-        error_text.append("Try running: ", style="dim white")
-        error_text.append("sudo systemctl start docker", style="dim cyan")
+        error_text.append(
+            "Please ensure Docker Desktop is installed and running, and try running strix again.\n",
+            style="white",
+        )
 
         panel = Panel(
             error_text,

strix/llm/__init__.py

@@ -1,3 +1,6 @@
+import logging
+import warnings
+
 import litellm
 
 from .config import LLMConfig
@@ -11,5 +14,6 @@ __all__ = [
 ]
 
 litellm._logging._disable_debugging()
-
-litellm.drop_params = True
+logging.getLogger("asyncio").setLevel(logging.CRITICAL)
+logging.getLogger("asyncio").propagate = False
+warnings.filterwarnings("ignore", category=RuntimeWarning, module="asyncio")

strix/llm/config.py

@@ -1,4 +1,4 @@
-import os
+from strix.config import Config
 
 
 class LLMConfig:
@@ -6,15 +6,18 @@ class LLMConfig:
         self,
         model_name: str | None = None,
         enable_prompt_caching: bool = True,
-        prompt_modules: list[str] | None = None,
+        skills: list[str] | None = None,
         timeout: int | None = None,
+        scan_mode: str = "deep",
     ):
-        self.model_name = model_name or os.getenv("STRIX_LLM", "openai/gpt-5")
+        self.model_name = model_name or Config.get("strix_llm")
 
         if not self.model_name:
             raise ValueError("STRIX_LLM environment variable must be set and not empty")
 
         self.enable_prompt_caching = enable_prompt_caching
-        self.prompt_modules = prompt_modules or []
+        self.skills = skills or []
 
-        self.timeout = timeout or int(os.getenv("LLM_TIMEOUT", "600"))
+        self.timeout = timeout or int(Config.get("llm_timeout") or "300")
+
+        self.scan_mode = scan_mode if scan_mode in ["quick", "standard", "deep"] else "deep"

strix/llm/dedupe.py

@@ -0,0 +1,217 @@
+import json
+import logging
+import re
+from typing import Any
+
+import litellm
+
+from strix.config import Config
+
+
+logger = logging.getLogger(__name__)
+
+DEDUPE_SYSTEM_PROMPT = """You are an expert vulnerability report deduplication judge.
+Your task is to determine if a candidate vulnerability report describes the SAME vulnerability
+as any existing report.
+
+CRITICAL DEDUPLICATION RULES:
+
+1. SAME VULNERABILITY means:
+   - Same root cause (e.g., "missing input validation" not just "SQL injection")
+   - Same affected component/endpoint/file (exact match or clear overlap)
+   - Same exploitation method or attack vector
+   - Would be fixed by the same code change/patch
+
+2. NOT DUPLICATES if:
+   - Different endpoints even with same vulnerability type (e.g., SQLi in /login vs /search)
+   - Different parameters in same endpoint (e.g., XSS in 'name' vs 'comment' field)
+   - Different root causes (e.g., stored XSS vs reflected XSS in same field)
+   - Different severity levels due to different impact
+   - One is authenticated, other is unauthenticated
+
+3. ARE DUPLICATES even if:
+   - Titles are worded differently
+   - Descriptions have different level of detail
+   - PoC uses different payloads but exploits same issue
+   - One report is more thorough than another
+   - Minor variations in technical analysis
+
+COMPARISON GUIDELINES:
+- Focus on the technical root cause, not surface-level similarities
+- Same vulnerability type (SQLi, XSS) doesn't mean duplicate - location matters
+- Consider the fix: would fixing one also fix the other?
+- When uncertain, lean towards NOT duplicate
+
+FIELDS TO ANALYZE:
+- title, description: General vulnerability info
+- target, endpoint, method: Exact location of vulnerability
+- technical_analysis: Root cause details
+- poc_description: How it's exploited
+- impact: What damage it can cause
+
+YOU MUST RESPOND WITH EXACTLY THIS XML FORMAT AND NOTHING ELSE:
+
+<dedupe_result>
+<is_duplicate>true</is_duplicate>
+<duplicate_id>vuln-0001</duplicate_id>
+<confidence>0.95</confidence>
+<reason>Both reports describe SQL injection in /api/login via the username parameter</reason>
+</dedupe_result>
+
+OR if not a duplicate:
+
+<dedupe_result>
+<is_duplicate>false</is_duplicate>
+<duplicate_id></duplicate_id>
+<confidence>0.90</confidence>
+<reason>Different endpoints: candidate is /api/search, existing is /api/login</reason>
+</dedupe_result>
+
+RULES:
+- is_duplicate MUST be exactly "true" or "false" (lowercase)
+- duplicate_id MUST be the exact ID from existing reports or empty if not duplicate
+- confidence MUST be a decimal (your confidence level in the decision)
+- reason MUST be a specific explanation mentioning endpoint/parameter/root cause
+- DO NOT include any text outside the <dedupe_result> tags"""
+
+
+def _prepare_report_for_comparison(report: dict[str, Any]) -> dict[str, Any]:
+    relevant_fields = [
+        "id",
+        "title",
+        "description",
+        "impact",
+        "target",
+        "technical_analysis",
+        "poc_description",
+        "endpoint",
+        "method",
+    ]
+
+    cleaned = {}
+    for field in relevant_fields:
+        if report.get(field):
+            value = report[field]
+            if isinstance(value, str) and len(value) > 8000:
+                value = value[:8000] + "...[truncated]"
+            cleaned[field] = value
+
+    return cleaned
+
+
+def _extract_xml_field(content: str, field: str) -> str:
+    pattern = rf"<{field}>(.*?)</{field}>"
+    match = re.search(pattern, content, re.DOTALL | re.IGNORECASE)
+    if match:
+        return match.group(1).strip()
+    return ""
+
+
+def _parse_dedupe_response(content: str) -> dict[str, Any]:
+    result_match = re.search(
+        r"<dedupe_result>(.*?)</dedupe_result>", content, re.DOTALL | re.IGNORECASE
+    )
+
+    if not result_match:
+        logger.warning(f"No <dedupe_result> block found in response: {content[:500]}")
+        raise ValueError("No <dedupe_result> block found in response")
+
+    result_content = result_match.group(1)
+
+    is_duplicate_str = _extract_xml_field(result_content, "is_duplicate")
+    duplicate_id = _extract_xml_field(result_content, "duplicate_id")
+    confidence_str = _extract_xml_field(result_content, "confidence")
+    reason = _extract_xml_field(result_content, "reason")
+
+    is_duplicate = is_duplicate_str.lower() == "true"
+
+    try:
+        confidence = float(confidence_str) if confidence_str else 0.0
+    except ValueError:
+        confidence = 0.0
+
+    return {
+        "is_duplicate": is_duplicate,
+        "duplicate_id": duplicate_id[:64] if duplicate_id else "",
+        "confidence": confidence,
+        "reason": reason[:500] if reason else "",
+    }
+
+
+def check_duplicate(
+    candidate: dict[str, Any], existing_reports: list[dict[str, Any]]
+) -> dict[str, Any]:
+    if not existing_reports:
+        return {
+            "is_duplicate": False,
+            "duplicate_id": "",
+            "confidence": 1.0,
+            "reason": "No existing reports to compare against",
+        }
+
+    try:
+        candidate_cleaned = _prepare_report_for_comparison(candidate)
+        existing_cleaned = [_prepare_report_for_comparison(r) for r in existing_reports]
+
+        comparison_data = {"candidate": candidate_cleaned, "existing_reports": existing_cleaned}
+
+        model_name = Config.get("strix_llm")
+        api_key = Config.get("llm_api_key")
+        api_base = (
+            Config.get("llm_api_base")
+            or Config.get("openai_api_base")
+            or Config.get("litellm_base_url")
+            or Config.get("ollama_api_base")
+        )
+
+        messages = [
+            {"role": "system", "content": DEDUPE_SYSTEM_PROMPT},
+            {
+                "role": "user",
+                "content": (
+                    f"Compare this candidate vulnerability against existing reports:\n\n"
+                    f"{json.dumps(comparison_data, indent=2)}\n\n"
+                    f"Respond with ONLY the <dedupe_result> XML block."
+                ),
+            },
+        ]
+
+        completion_kwargs: dict[str, Any] = {
+            "model": model_name,
+            "messages": messages,
+            "timeout": 120,
+        }
+        if api_key:
+            completion_kwargs["api_key"] = api_key
+        if api_base:
+            completion_kwargs["api_base"] = api_base
+
+        response = litellm.completion(**completion_kwargs)
+
+        content = response.choices[0].message.content
+        if not content:
+            return {
+                "is_duplicate": False,
+                "duplicate_id": "",
+                "confidence": 0.0,
+                "reason": "Empty response from LLM",
+            }
+
+        result = _parse_dedupe_response(content)
+
+        logger.info(
+            f"Deduplication check: is_duplicate={result['is_duplicate']}, "
+            f"confidence={result['confidence']}, reason={result['reason'][:100]}"
+        )
+
+    except Exception as e:
+        logger.exception("Error during vulnerability deduplication check")
+        return {
+            "is_duplicate": False,
+            "duplicate_id": "",
+            "confidence": 0.0,
+            "reason": f"Deduplication check failed: {e}",
+            "error": str(e),
+        }
+    else:
+        return result