strix-agent 0.4.0__py3-none-any.whl → 0.6.2__py3-none-any.whl

strix/tools/file_edit/file_edit_actions_schema.xml

@@ -104,8 +104,30 @@
   # Create a file
   <function=str_replace_editor>
   <parameter=command>create</parameter>
-  <parameter=path>/home/user/project/new_file.py</parameter>
-  <parameter=file_text>print("Hello World")</parameter>
+  <parameter=path>/home/user/project/exploit.py</parameter>
+  <parameter=file_text>#!/usr/bin/env python3
+"""SQL Injection exploit for Acme Corp login endpoint."""
+
+import requests
+import sys
+
+TARGET = "https://app.acme-corp.com/api/v1/auth/login"
+
+def exploit(username: str) -> dict:
+    payload = {
+        "username": f"{username}'--",
+        "password": "anything"
+    }
+    response = requests.post(TARGET, json=payload, timeout=10)
+    return response.json()
+
+if __name__ == "__main__":
+    if len(sys.argv) < 2:
+        print(f"Usage: {sys.argv[0]} <username>")
+        sys.exit(1)
+
+    result = exploit(sys.argv[1])
+    print(f"Result: {result}")</parameter>
   </function>
 
   # Replace text in file
@@ -121,7 +143,27 @@
   <parameter=command>insert</parameter>
   <parameter=path>/home/user/project/file.py</parameter>
   <parameter=insert_line>10</parameter>
-  <parameter=new_str>print("Inserted line")</parameter>
+  <parameter=new_str>def validate_input(user_input: str) -> bool:
+    """Validate user input to prevent injection attacks."""
+    forbidden_chars = ["'", '"', ";", "--", "/*", "*/"]
+    for char in forbidden_chars:
+        if char in user_input:
+            return False
+    return True</parameter>
+  </function>
+
+  # Replace code block
+  <function=str_replace_editor>
+  <parameter=command>str_replace</parameter>
+  <parameter=path>/home/user/project/auth.py</parameter>
+  <parameter=old_str>def authenticate(username, password):
+    query = f"SELECT * FROM users WHERE username = '{username}'"
+    result = db.execute(query)
+    return result</parameter>
+  <parameter=new_str>def authenticate(username, password):
+    query = "SELECT * FROM users WHERE username = %s"
+    result = db.execute(query, (username,))
+    return result</parameter>
   </function>
     </examples>
   </tool>

strix/tools/finish/finish_actions.py

@@ -4,49 +4,40 @@ from strix.tools.registry import register_tool
 
 
 def _validate_root_agent(agent_state: Any) -> dict[str, Any] | None:
-    if (
-        agent_state is not None
-        and hasattr(agent_state, "parent_id")
-        and agent_state.parent_id is not None
-    ):
+    if agent_state and hasattr(agent_state, "parent_id") and agent_state.parent_id is not None:
         return {
             "success": False,
-            "message": (
-                "This tool can only be used by the root/main agent. "
-                "Subagents must use agent_finish instead."
-            ),
+            "error": "finish_scan_wrong_agent",
+            "message": "This tool can only be used by the root/main agent",
+            "suggestion": "If you are a subagent, use agent_finish from agents_graph tool instead",
         }
     return None
 
 
-def _validate_content(content: str) -> dict[str, Any] | None:
-    if not content or not content.strip():
-        return {"success": False, "message": "Content cannot be empty"}
-    return None
-
-
 def _check_active_agents(agent_state: Any = None) -> dict[str, Any] | None:
     try:
         from strix.tools.agents_graph.agents_graph_actions import _agent_graph
 
-        current_agent_id = None
-        if agent_state and hasattr(agent_state, "agent_id"):
+        if agent_state and agent_state.agent_id:
             current_agent_id = agent_state.agent_id
+        else:
+            return None
 
-        running_agents = []
+        active_agents = []
         stopping_agents = []
 
-        for agent_id, node in _agent_graph.get("nodes", {}).items():
+        for agent_id, node in _agent_graph["nodes"].items():
             if agent_id == current_agent_id:
                 continue
 
-            status = node.get("status", "")
+            status = node.get("status", "unknown")
             if status == "running":
-                running_agents.append(
+                active_agents.append(
                     {
                         "id": agent_id,
                         "name": node.get("name", "Unknown"),
-                        "task": node.get("task", "No task description"),
+                        "task": node.get("task", "Unknown task")[:300],
+                        "status": status,
                     }
                 )
             elif status == "stopping":
@@ -54,121 +45,105 @@ def _check_active_agents(agent_state: Any = None) -> dict[str, Any] | None:
                     {
                         "id": agent_id,
                         "name": node.get("name", "Unknown"),
+                        "task": node.get("task", "Unknown task")[:300],
+                        "status": status,
                     }
                 )
 
-        if running_agents or stopping_agents:
-            message_parts = ["Cannot finish scan while other agents are still active:"]
+        if active_agents or stopping_agents:
+            response: dict[str, Any] = {
+                "success": False,
+                "error": "agents_still_active",
+                "message": "Cannot finish scan: agents are still active",
+            }
 
-            if running_agents:
-                message_parts.append("\n\nRunning agents:")
-                message_parts.extend(
-                    [
-                        f"  - {agent['name']} ({agent['id']}): {agent['task']}"
-                        for agent in running_agents
-                    ]
-                )
+            if active_agents:
+                response["active_agents"] = active_agents
 
             if stopping_agents:
-                message_parts.append("\n\nStopping agents:")
-                message_parts.extend(
-                    [f"  - {agent['name']} ({agent['id']})" for agent in stopping_agents]
-                )
+                response["stopping_agents"] = stopping_agents
 
-            message_parts.extend(
-                [
-                    "\n\nSuggested actions:",
-                    "1. Use wait_for_message to wait for all agents to complete",
-                    "2. Send messages to agents asking them to finish if urgent",
-                    "3. Use view_agent_graph to monitor agent status",
-                ]
-            )
+            response["suggestions"] = [
+                "Use wait_for_message to wait for all agents to complete",
+                "Use send_message_to_agent if you need agents to complete immediately",
+                "Check agent_status to see current agent states",
+            ]
 
-            return {
-                "success": False,
-                "message": "\n".join(message_parts),
-                "active_agents": {
-                    "running": len(running_agents),
-                    "stopping": len(stopping_agents),
-                    "details": {
-                        "running": running_agents,
-                        "stopping": stopping_agents,
-                    },
-                },
-            }
+            response["total_active"] = len(active_agents) + len(stopping_agents)
+
+            return response
 
     except ImportError:
+        pass
+    except Exception:
         import logging
 
-        logging.warning("Could not check agent graph status - agents_graph module unavailable")
+        logging.exception("Error checking active agents")
 
     return None
 
 
-def _finalize_with_tracer(content: str, success: bool) -> dict[str, Any]:
+@register_tool(sandbox_execution=False)
+def finish_scan(
+    executive_summary: str,
+    methodology: str,
+    technical_analysis: str,
+    recommendations: str,
+    agent_state: Any = None,
+) -> dict[str, Any]:
+    validation_error = _validate_root_agent(agent_state)
+    if validation_error:
+        return validation_error
+
+    active_agents_error = _check_active_agents(agent_state)
+    if active_agents_error:
+        return active_agents_error
+
+    validation_errors = []
+
+    if not executive_summary or not executive_summary.strip():
+        validation_errors.append("Executive summary cannot be empty")
+    if not methodology or not methodology.strip():
+        validation_errors.append("Methodology cannot be empty")
+    if not technical_analysis or not technical_analysis.strip():
+        validation_errors.append("Technical analysis cannot be empty")
+    if not recommendations or not recommendations.strip():
+        validation_errors.append("Recommendations cannot be empty")
+
+    if validation_errors:
+        return {"success": False, "message": "Validation failed", "errors": validation_errors}
+
     try:
         from strix.telemetry.tracer import get_global_tracer
 
         tracer = get_global_tracer()
         if tracer:
-            tracer.set_final_scan_result(
-                content=content.strip(),
-                success=success,
+            tracer.update_scan_final_fields(
+                executive_summary=executive_summary.strip(),
+                methodology=methodology.strip(),
+                technical_analysis=technical_analysis.strip(),
+                recommendations=recommendations.strip(),
             )
 
+            vulnerability_count = len(tracer.vulnerability_reports)
+
             return {
                 "success": True,
                 "scan_completed": True,
-                "message": "Scan completed successfully"
-                if success
-                else "Scan completed with errors",
-                "vulnerabilities_found": len(tracer.vulnerability_reports),
+                "message": "Scan completed successfully",
+                "vulnerabilities_found": vulnerability_count,
             }
 
         import logging
 
-        logging.warning("Global tracer not available - final scan result not stored")
-
-        return {  # noqa: TRY300
-            "success": True,
-            "scan_completed": True,
-            "message": "Scan completed successfully (not persisted)"
-            if success
-            else "Scan completed with errors (not persisted)",
-            "warning": "Final result could not be persisted - tracer unavailable",
-        }
+        logging.warning("Current tracer not available - scan results not stored")
 
-    except ImportError:
+    except (ImportError, AttributeError) as e:
+        return {"success": False, "message": f"Failed to complete scan: {e!s}"}
+    else:
         return {
             "success": True,
             "scan_completed": True,
-            "message": "Scan completed successfully (not persisted)"
-            if success
-            else "Scan completed with errors (not persisted)",
-            "warning": "Final result could not be persisted - tracer module unavailable",
+            "message": "Scan completed (not persisted)",
+            "warning": "Results could not be persisted - tracer unavailable",
         }
-
-
-@register_tool(sandbox_execution=False)
-def finish_scan(
-    content: str,
-    success: bool = True,
-    agent_state: Any = None,
-) -> dict[str, Any]:
-    try:
-        validation_error = _validate_root_agent(agent_state)
-        if validation_error:
-            return validation_error
-
-        validation_error = _validate_content(content)
-        if validation_error:
-            return validation_error
-
-        active_agents_error = _check_active_agents(agent_state)
-        if active_agents_error:
-            return active_agents_error
-
-        return _finalize_with_tracer(content, success)
-
-    except (ValueError, TypeError, KeyError) as e:
-        return {"success": False, "message": f"Failed to complete scan: {e!s}"}

strix/tools/finish/finish_actions_schema.xml

@@ -1,6 +1,6 @@
 <tools>
   <tool name="finish_scan">
-    <description>Complete the main security scan and generate final report.
+    <description>Complete the security scan by providing the final assessment fields as full penetration test report.
 
 IMPORTANT: This tool can ONLY be used by the root/main agent.
 Subagents must use agent_finish from agents_graph tool instead.
@@ -8,11 +8,20 @@ Subagents must use agent_finish from agents_graph tool instead.
 IMPORTANT: This tool will NOT allow finishing if any agents are still running or stopping.
 You must wait for all agents to complete before using this tool.
 
-This tool MUST be called at the very end of the security assessment to:
-- Verify all agents have completed their tasks
-- Generate the final comprehensive scan report
-- Mark the entire scan as completed
-- Stop the agent from running
+This tool directly updates the scan report data:
+- executive_summary
+- methodology
+- technical_analysis
+- recommendations
+
+All fields are REQUIRED and map directly to the final report.
+
+This must be the last tool called in the scan. It will:
+1. Verify you are the root agent
+2. Check all subagents have completed
+3. Update the scan with your provided fields
+4. Mark the scan as completed
+5. Stop agent execution
 
 Use this tool when:
 - You are the main/root agent conducting the security assessment
@@ -23,23 +32,121 @@ Use this tool when:
 IMPORTANT: Calling this tool multiple times will OVERWRITE any previous scan report.
 Make sure you include ALL findings and details in a single comprehensive report.
 
-If agents are still running, this tool will:
+If agents are still running, the tool will:
 - Show you which agents are still active
 - Suggest using wait_for_message to wait for completion
 - Suggest messaging agents if immediate completion is needed
 
-Put ALL details in the content - methodology, tools used, vulnerability counts, key findings, recommendations,
-compliance notes, risk assessments, next steps, etc. Be comprehensive and include everything relevant.</description>
+NOTE: Make sure the vulnerabilities found were reported with create_vulnerability_report tool, otherwise they will not be tracked and you will not be rewarded.
+But make sure to not report the same vulnerability multiple times.
+
+Professional, customer-facing penetration test report rules (PDF-ready):
+- Do NOT include internal or system details: never mention local/absolute paths (e.g., "/workspace"), internal tools, agents, orchestrators, sandboxes, models, system prompts/instructions, connection/tooling issues, or tester environment details.
+- Tone and style: formal, objective, third-person, concise. No internal checklists or engineering runbooks. Content must read as a polished client deliverable.
+- Structure across fields should align to standard pentest reports:
+  - Executive summary: business impact, risk posture, notable criticals, remediation theme.
+  - Methodology: industry-standard methods (e.g., OWASP, OSSTMM, NIST), scope, constraints—no internal execution notes.
+  - Technical analysis: consolidated findings overview referencing created vulnerability reports; avoid raw logs.
+  - Recommendations: prioritized, actionable, aligned to risk and best practices.
+</description>
     <parameters>
-      <parameter name="content" type="string" required="true">
-        <description>Complete scan report including executive summary, methodology, findings, vulnerability details, recommendations, compliance notes, risk assessment, and conclusions. Include everything relevant to the assessment.</description>
+      <parameter name="executive_summary" type="string" required="true">
+        <description>High-level summary for executives: key findings, overall security posture, critical risks, business impact</description>
       </parameter>
-      <parameter name="success" type="boolean" required="false">
-        <description>Whether the scan completed successfully without critical errors</description>
+      <parameter name="methodology" type="string" required="true">
+        <description>Testing methodology: approach, tools used, scope, techniques employed</description>
+      </parameter>
+      <parameter name="technical_analysis" type="string" required="true">
+        <description>Detailed technical findings and security assessment results over the scan</description>
+      </parameter>
+      <parameter name="recommendations" type="string" required="true">
+        <description>Actionable security recommendations and remediation priorities</description>
       </parameter>
     </parameters>
     <returns type="Dict[str, Any]">
-      <description>Response containing success status and completion message. If agents are still running, returns details about active agents and suggested actions.</description>
+      <description>Response containing success status, vulnerability count, and completion message. If agents are still running, returns details about active agents and suggested actions.</description>
     </returns>
+    <examples>
+
+<function=finish_scan>
+  <parameter=executive_summary>Executive summary
+An external penetration test of the Acme Customer Portal and associated API identified multiple security weaknesses that, if exploited, could result in unauthorized access to customer data, cross-tenant exposure, and access to internal network resources.
+
+Overall risk posture: Elevated.
+
+Key outcomes
+- Confirmed server-side request forgery (SSRF) in a URL preview capability that enables the application to initiate outbound requests to attacker-controlled destinations and internal network ranges.
+- Identified broken access control patterns in business-critical workflows that can enable cross-tenant data access (tenant isolation failures).
+- Observed session and authorization hardening gaps that materially increase risk when combined with other weaknesses.
+
+Business impact
+- Increased likelihood of sensitive data exposure across customers/tenants, including invoices, orders, and account information.
+- Increased risk of internal service exposure through server-side outbound request functionality (including link-local and private network destinations).
+- Increased potential for account compromise and administrative abuse if tokens are stolen or misused.
+
+Remediation theme
+Prioritize eliminating SSRF pathways and centralizing authorization enforcement (deny-by-default). Follow with session hardening and monitoring improvements, then validate with a focused retest.</parameter>
+  <parameter=methodology>Methodology
+The assessment followed industry-standard penetration testing practices aligned to OWASP Web Security Testing Guide (WSTG) concepts and common web/API security testing methodology.
+
+Engagement details
+- Assessment type: External penetration test (black-box with limited gray-box context)
+- Target environment: Production-equivalent staging
+
+Scope (in-scope assets)
+- Web application: https://app.acme-corp.com
+- API base: https://app.acme-corp.com/api/v1/
+
+High-level testing activities
+- Reconnaissance and attack-surface mapping (routes, parameters, workflows)
+- Authentication and session management review (token handling, session lifetime, sensitive actions)
+- Authorization and tenant-isolation testing (object access and privilege boundaries)
+- Input handling and server-side request testing (URL fetchers, imports, previews, callbacks)
+- File handling and content rendering review (uploads, previews, unsafe content types)
+- Configuration review (transport security, security headers, caching behavior, error handling)
+
+Evidence handling and validation standard
+Only validated issues with reproducible impact were treated as findings. Each finding was documented with clear reproduction steps and sufficient evidence to support remediation and verification testing.</parameter>
+  <parameter=technical_analysis>Technical analysis
+This section provides a consolidated view of the confirmed findings and observed risk patterns. Detailed reproduction steps and evidence are documented in the individual vulnerability reports.
+
+Severity model
+Severity reflects a combination of exploitability and potential impact to confidentiality, integrity, and availability, considering realistic attacker capabilities.
+
+Confirmed findings (high level)
+1) Server-side request forgery (SSRF) in URL preview (Critical)
+The application fetches user-supplied URLs server-side to generate previews. Validation controls were insufficient to prevent access to internal and link-local destinations. This creates a pathway to internal network enumeration and potential access to sensitive internal services. Redirect and DNS/normalization bypass risk must be assumed unless controls are comprehensive and applied on every request hop.
+
+2) Broken tenant isolation in order/invoice workflows (High)
+Multiple endpoints accepted object identifiers without consistently enforcing tenant ownership. This is indicative of broken function- and object-level authorization checks. In practice, this can enable cross-tenant access to business-critical resources (viewing or modifying data outside the attacker’s tenant boundary).
+
+3) Administrative action hardening gaps (Medium)
+Several sensitive actions lacked defense-in-depth controls (e.g., re-authentication for high-risk actions, consistent authorization checks across related endpoints, and protections against session misuse). While not all behaviors were immediately exploitable in isolation, they increase the likelihood and blast radius of account compromise when chained with other vulnerabilities.
+
+4) Unsafe file preview/content handling patterns (Medium)
+File preview and rendering behaviors can create exposure to script execution or content-type confusion if unsafe formats are rendered inline. Controls should be consistent: strong content-type validation, forced download where appropriate, and hardening against active content.
+
+Systemic themes and root causes
+- Authorization enforcement appears distributed and inconsistent across endpoints instead of centralized and testable.
+- Outbound request functionality lacks a robust, deny-by-default policy for destination validation.
+- Hardening controls (session lifetime, sensitive-action controls, logging) are applied unevenly, increasing the likelihood of successful attack chains.</parameter>
+  <parameter=recommendations>Recommendations
+Priority 0
+- Eliminate SSRF by implementing a strict destination allowlist and deny-by-default policy for outbound requests. Block private, loopback, and link-local ranges (IPv4 and IPv6) after DNS resolution. Re-validate on every redirect hop. Apply URL parsing/normalization safeguards against ambiguous encodings and unusual IP notations.
+- Apply network egress controls so the application runtime cannot reach sensitive internal ranges or link-local services. Route necessary outbound requests through a policy-enforcing egress proxy with logging.
+
+Priority 1
+- Centralize authorization enforcement for all object access and administrative actions. Implement consistent tenant-ownership checks for every read/write path involving orders, invoices, and account resources. Adopt deny-by-default authorization middleware/policies.
+- Add regression tests for authorization decisions, including cross-tenant negative cases and privilege-boundary testing for administrative endpoints.
+- Harden session management: secure cookie attributes, session rotation after authentication and privilege change events, reduced session lifetime for privileged contexts, and consistent CSRF protections for state-changing actions.
+
+Priority 2
+- Harden file handling and preview behaviors: strict content-type allowlists, forced download for active formats, safe rendering pipelines, and scanning/sanitization where applicable.
+- Improve monitoring and detection: alert on high-risk events such as repeated authorization failures, anomalous outbound fetch attempts, sensitive administrative actions, and unusual access patterns to business-critical resources.
+
+Follow-up validation
+- Conduct a targeted retest after remediation to confirm SSRF controls, tenant isolation enforcement, and session hardening, and to ensure no bypasses exist via redirects, DNS rebinding, or encoding edge cases.</parameter>
+</function>
+    </examples>
   </tool>
 </tools>

strix/tools/notes/notes_actions.py

@@ -11,7 +11,6 @@ _notes_storage: dict[str, dict[str, Any]] = {}
 def _filter_notes(
     category: str | None = None,
     tags: list[str] | None = None,
-    priority: str | None = None,
     search_query: str | None = None,
 ) -> list[dict[str, Any]]:
     filtered_notes = []
@@ -20,9 +19,6 @@ def _filter_notes(
         if category and note.get("category") != category:
             continue
 
-        if priority and note.get("priority") != priority:
-            continue
-
         if tags:
             note_tags = note.get("tags", [])
             if not any(tag in note_tags for tag in tags):
@@ -43,13 +39,12 @@ def _filter_notes(
     return filtered_notes
 
 
-@register_tool
+@register_tool(sandbox_execution=False)
 def create_note(
     title: str,
     content: str,
     category: str = "general",
     tags: list[str] | None = None,
-    priority: str = "normal",
 ) -> dict[str, Any]:
     try:
         if not title or not title.strip():
@@ -58,7 +53,7 @@ def create_note(
         if not content or not content.strip():
             return {"success": False, "error": "Content cannot be empty", "note_id": None}
 
-        valid_categories = ["general", "findings", "methodology", "todo", "questions", "plan"]
+        valid_categories = ["general", "findings", "methodology", "questions", "plan"]
         if category not in valid_categories:
             return {
                 "success": False,
@@ -66,14 +61,6 @@ def create_note(
                 "note_id": None,
             }
 
-        valid_priorities = ["low", "normal", "high", "urgent"]
-        if priority not in valid_priorities:
-            return {
-                "success": False,
-                "error": f"Invalid priority. Must be one of: {', '.join(valid_priorities)}",
-                "note_id": None,
-            }
-
         note_id = str(uuid.uuid4())[:5]
         timestamp = datetime.now(UTC).isoformat()
 
@@ -82,7 +69,6 @@ def create_note(
             "content": content.strip(),
             "category": category,
             "tags": tags or [],
-            "priority": priority,
             "created_at": timestamp,
             "updated_at": timestamp,
         }
@@ -99,17 +85,14 @@ def create_note(
         }
 
 
-@register_tool
+@register_tool(sandbox_execution=False)
 def list_notes(
     category: str | None = None,
     tags: list[str] | None = None,
-    priority: str | None = None,
     search: str | None = None,
 ) -> dict[str, Any]:
     try:
-        filtered_notes = _filter_notes(
-            category=category, tags=tags, priority=priority, search_query=search
-        )
+        filtered_notes = _filter_notes(category=category, tags=tags, search_query=search)
 
         return {
             "success": True,
@@ -126,13 +109,12 @@ def list_notes(
         }
 
 
-@register_tool
+@register_tool(sandbox_execution=False)
 def update_note(
     note_id: str,
     title: str | None = None,
     content: str | None = None,
     tags: list[str] | None = None,
-    priority: str | None = None,
 ) -> dict[str, Any]:
     try:
         if note_id not in _notes_storage:
@@ -153,15 +135,6 @@ def update_note(
         if tags is not None:
             note["tags"] = tags
 
-        if priority is not None:
-            valid_priorities = ["low", "normal", "high", "urgent"]
-            if priority not in valid_priorities:
-                return {
-                    "success": False,
-                    "error": f"Invalid priority. Must be one of: {', '.join(valid_priorities)}",
-                }
-            note["priority"] = priority
-
         note["updated_at"] = datetime.now(UTC).isoformat()
 
         return {
@@ -173,7 +146,7 @@ def update_note(
         return {"success": False, "error": f"Failed to update note: {e}"}
 
 
-@register_tool
+@register_tool(sandbox_execution=False)
 def delete_note(note_id: str) -> dict[str, Any]:
     try:
         if note_id not in _notes_storage: