strix-agent 0.4.0__py3-none-any.whl → 0.6.2__py3-none-any.whl

strix/interface/main.py

@@ -6,10 +6,10 @@ Strix Agent Interface
 import argparse
 import asyncio
 import logging
-import os
 import shutil
 import sys
 from pathlib import Path
+from typing import Any
 
 import litellm
 from docker.errors import DockerException
@@ -17,9 +17,14 @@ from rich.console import Console
 from rich.panel import Panel
 from rich.text import Text
 
-from strix.interface.cli import run_cli
-from strix.interface.tui import run_tui
-from strix.interface.utils import (
+from strix.config import Config, apply_saved_config, save_current_config
+
+
+apply_saved_config()
+
+from strix.interface.cli import run_cli  # noqa: E402
+from strix.interface.tui import run_tui  # noqa: E402
+from strix.interface.utils import (  # noqa: E402
     assign_workspace_subdirs,
     build_final_stats_text,
     check_docker_connection,
@@ -29,10 +34,12 @@ from strix.interface.utils import (
     image_exists,
     infer_target_type,
     process_pull_line,
+    rewrite_localhost_targets,
     validate_llm_response,
 )
-from strix.runtime.docker_runtime import STRIX_IMAGE
-from strix.telemetry.tracer import get_global_tracer
+from strix.runtime.docker_runtime import HOST_GATEWAY_HOSTNAME  # noqa: E402
+from strix.telemetry import posthog  # noqa: E402
+from strix.telemetry.tracer import get_global_tracer  # noqa: E402
 
 
 logging.getLogger().setLevel(logging.ERROR)
@@ -43,30 +50,30 @@ def validate_environment() -> None:  # noqa: PLR0912, PLR0915
     missing_required_vars = []
     missing_optional_vars = []
 
-    if not os.getenv("STRIX_LLM"):
+    if not Config.get("strix_llm"):
         missing_required_vars.append("STRIX_LLM")
 
     has_base_url = any(
         [
-            os.getenv("LLM_API_BASE"),
-            os.getenv("OPENAI_API_BASE"),
-            os.getenv("LITELLM_BASE_URL"),
-            os.getenv("OLLAMA_API_BASE"),
+            Config.get("llm_api_base"),
+            Config.get("openai_api_base"),
+            Config.get("litellm_base_url"),
+            Config.get("ollama_api_base"),
         ]
     )
 
-    if not os.getenv("LLM_API_KEY"):
-        if not has_base_url:
-            missing_required_vars.append("LLM_API_KEY")
-        else:
-            missing_optional_vars.append("LLM_API_KEY")
+    if not Config.get("llm_api_key"):
+        missing_optional_vars.append("LLM_API_KEY")
 
     if not has_base_url:
         missing_optional_vars.append("LLM_API_BASE")
 
-    if not os.getenv("PERPLEXITY_API_KEY"):
+    if not Config.get("perplexity_api_key"):
         missing_optional_vars.append("PERPLEXITY_API_KEY")
 
+    if not Config.get("strix_reasoning_effort"):
+        missing_optional_vars.append("STRIX_REASONING_EFFORT")
+
     if missing_required_vars:
         error_text = Text()
         error_text.append("❌ ", style="bold red")
@@ -92,13 +99,6 @@ def validate_environment() -> None:  # noqa: PLR0912, PLR0915
                     " - Model name to use with litellm (e.g., 'openai/gpt-5')\n",
                     style="white",
                 )
-            elif var == "LLM_API_KEY":
-                error_text.append("• ", style="white")
-                error_text.append("LLM_API_KEY", style="bold cyan")
-                error_text.append(
-                    " - API key for the LLM provider (required for cloud providers)\n",
-                    style="white",
-                )
 
         if missing_optional_vars:
             error_text.append("\nOptional environment variables:\n", style="white")
@@ -106,7 +106,11 @@ def validate_environment() -> None:  # noqa: PLR0912, PLR0915
                 if var == "LLM_API_KEY":
                     error_text.append("• ", style="white")
                     error_text.append("LLM_API_KEY", style="bold cyan")
-                    error_text.append(" - API key for the LLM provider\n", style="white")
+                    error_text.append(
+                        " - API key for the LLM provider "
+                        "(not needed for local models, Vertex AI, AWS, etc.)\n",
+                        style="white",
+                    )
                 elif var == "LLM_API_BASE":
                     error_text.append("• ", style="white")
                     error_text.append("LLM_API_BASE", style="bold cyan")
@@ -121,18 +125,24 @@ def validate_environment() -> None:  # noqa: PLR0912, PLR0915
                         " - API key for Perplexity AI web search (enables real-time research)\n",
                         style="white",
                     )
+                elif var == "STRIX_REASONING_EFFORT":
+                    error_text.append("• ", style="white")
+                    error_text.append("STRIX_REASONING_EFFORT", style="bold cyan")
+                    error_text.append(
+                        " - Reasoning effort level: none, minimal, low, medium, high, xhigh "
+                        "(default: high)\n",
+                        style="white",
+                    )
 
         error_text.append("\nExample setup:\n", style="white")
         error_text.append("export STRIX_LLM='openai/gpt-5'\n", style="dim white")
 
-        if "LLM_API_KEY" in missing_required_vars:
-            error_text.append("export LLM_API_KEY='your-api-key-here'\n", style="dim white")
-
         if missing_optional_vars:
             for var in missing_optional_vars:
                 if var == "LLM_API_KEY":
                     error_text.append(
-                        "export LLM_API_KEY='your-api-key-here'  # optional with local models\n",
+                        "export LLM_API_KEY='your-api-key-here'  "
+                        "# not needed for local models, Vertex AI, AWS, etc.\n",
                         style="dim white",
                     )
                 elif var == "LLM_API_BASE":
@@ -145,6 +155,11 @@ def validate_environment() -> None:  # noqa: PLR0912, PLR0915
                     error_text.append(
                         "export PERPLEXITY_API_KEY='your-perplexity-key-here'\n", style="dim white"
                     )
+                elif var == "STRIX_REASONING_EFFORT":
+                    error_text.append(
+                        "export STRIX_REASONING_EFFORT='high'\n",
+                        style="dim white",
+                    )
 
         panel = Panel(
             error_text,
@@ -187,33 +202,33 @@ async def warm_up_llm() -> None:
     console = Console()
 
     try:
-        model_name = os.getenv("STRIX_LLM", "openai/gpt-5")
-        api_key = os.getenv("LLM_API_KEY")
-
-        if api_key:
-            litellm.api_key = api_key
-
+        model_name = Config.get("strix_llm")
+        api_key = Config.get("llm_api_key")
         api_base = (
-            os.getenv("LLM_API_BASE")
-            or os.getenv("OPENAI_API_BASE")
-            or os.getenv("LITELLM_BASE_URL")
-            or os.getenv("OLLAMA_API_BASE")
+            Config.get("llm_api_base")
+            or Config.get("openai_api_base")
+            or Config.get("litellm_base_url")
+            or Config.get("ollama_api_base")
         )
-        if api_base:
-            litellm.api_base = api_base
 
         test_messages = [
             {"role": "system", "content": "You are a helpful assistant."},
             {"role": "user", "content": "Reply with just 'OK'."},
         ]
 
-        llm_timeout = int(os.getenv("LLM_TIMEOUT", "600"))
+        llm_timeout = int(Config.get("llm_timeout") or "300")
 
-        response = litellm.completion(
-            model=model_name,
-            messages=test_messages,
-            timeout=llm_timeout,
-        )
+        completion_kwargs: dict[str, Any] = {
+            "model": model_name,
+            "messages": test_messages,
+            "timeout": llm_timeout,
+        }
+        if api_key:
+            completion_kwargs["api_key"] = api_key
+        if api_base:
+            completion_kwargs["api_base"] = api_base
+
+        response = litellm.completion(**completion_kwargs)
 
         validate_llm_response(response)
 
@@ -240,6 +255,15 @@ async def warm_up_llm() -> None:
         sys.exit(1)
 
 
+def get_version() -> str:
+    try:
+        from importlib.metadata import version
+
+        return version("strix-agent")
+    except Exception:  # noqa: BLE001
+        return "unknown"
+
+
 def parse_arguments() -> argparse.Namespace:
     parser = argparse.ArgumentParser(
         description="Strix Multi-Agent Cybersecurity Penetration Testing Tool",
@@ -270,11 +294,18 @@ Examples:
   strix --target example.com --instruction "Focus on authentication vulnerabilities"
 
   # Custom instructions (from file)
-  strix --target example.com --instruction ./instructions.txt
-  strix --target https://app.com --instruction /path/to/detailed_instructions.md
+  strix --target example.com --instruction-file ./instructions.txt
+  strix --target https://app.com --instruction-file /path/to/detailed_instructions.md
         """,
     )
 
+    parser.add_argument(
+        "-v",
+        "--version",
+        action="version",
+        version=f"strix {get_version()}",
+    )
+
     parser.add_argument(
         "-t",
         "--target",
@@ -292,15 +323,15 @@ Examples:
         "testing approaches (e.g., 'Perform thorough authentication testing'), "
         "test credentials (e.g., 'Use the following credentials to access the app: "
         "admin:password123'), "
-        "or areas of interest (e.g., 'Check login API endpoint for security issues'). "
-        "You can also provide a path to a file containing detailed instructions "
-        "(e.g., '--instruction ./instructions.txt').",
+        "or areas of interest (e.g., 'Check login API endpoint for security issues').",
     )
 
     parser.add_argument(
-        "--run-name",
+        "--instruction-file",
         type=str,
-        help="Custom name for this penetration test run",
+        help="Path to a file containing detailed custom instructions for the penetration test. "
+        "Use this option when you have lengthy or complex instructions saved in a file "
+        "(e.g., '--instruction-file ./detailed_instructions.txt').",
     )
 
     parser.add_argument(
@@ -313,18 +344,37 @@ Examples:
         ),
     )
 
+    parser.add_argument(
+        "-m",
+        "--scan-mode",
+        type=str,
+        choices=["quick", "standard", "deep"],
+        default="deep",
+        help=(
+            "Scan mode: "
+            "'quick' for fast CI/CD checks, "
+            "'standard' for routine testing, "
+            "'deep' for thorough security reviews (default). "
+            "Default: deep."
+        ),
+    )
+
     args = parser.parse_args()
 
-    if args.instruction:
-        instruction_path = Path(args.instruction)
-        if instruction_path.exists() and instruction_path.is_file():
-            try:
-                with instruction_path.open(encoding="utf-8") as f:
-                    args.instruction = f.read().strip()
-                    if not args.instruction:
-                        parser.error(f"Instruction file '{instruction_path}' is empty")
-            except Exception as e:  # noqa: BLE001
-                parser.error(f"Failed to read instruction file '{instruction_path}': {e}")
+    if args.instruction and args.instruction_file:
+        parser.error(
+            "Cannot specify both --instruction and --instruction-file. Use one or the other."
+        )
+
+    if args.instruction_file:
+        instruction_path = Path(args.instruction_file)
+        try:
+            with instruction_path.open(encoding="utf-8") as f:
+                args.instruction = f.read().strip()
+                if not args.instruction:
+                    parser.error(f"Instruction file '{instruction_path}' is empty")
+        except Exception as e:  # noqa: BLE001
+            parser.error(f"Failed to read instruction file '{instruction_path}': {e}")
 
     args.targets_info = []
     for target in args.target:
@@ -343,6 +393,7 @@ Examples:
             parser.error(f"Invalid target '{target}'")
 
     assign_workspace_subdirs(args.targets_info)
+    rewrite_localhost_targets(args.targets_info, HOST_GATEWAY_HOSTNAME)
 
     return args
 
@@ -410,17 +461,20 @@ def display_completion_message(args: argparse.Namespace, results_path: Path) ->
     console.print("\n")
     console.print(panel)
     console.print()
+    console.print("[dim]🌐 Website:[/] [cyan]https://strix.ai[/]")
+    console.print("[dim]💬 Discord:[/] [cyan]https://discord.gg/YjKFvEZSdZ[/]")
+    console.print()
 
 
 def pull_docker_image() -> None:
     console = Console()
     client = check_docker_connection()
 
-    if image_exists(client, STRIX_IMAGE):
+    if image_exists(client, Config.get("strix_image")):  # type: ignore[arg-type]
         return
 
     console.print()
-    console.print(f"[bold cyan]🐳 Pulling Docker image:[/] {STRIX_IMAGE}")
+    console.print(f"[bold cyan]🐳 Pulling Docker image:[/] {Config.get('strix_image')}")
     console.print("[dim yellow]This only happens on first run and may take a few minutes...[/]")
     console.print()
 
@@ -429,7 +483,7 @@ def pull_docker_image() -> None:
             layers_info: dict[str, str] = {}
             last_update = ""
 
-            for line in client.api.pull(STRIX_IMAGE, stream=True, decode=True):
+            for line in client.api.pull(Config.get("strix_image"), stream=True, decode=True):
                 last_update = process_pull_line(line, layers_info, status, last_update)
 
         except DockerException as e:
@@ -438,7 +492,7 @@ def pull_docker_image() -> None:
             error_text.append("❌ ", style="bold red")
             error_text.append("FAILED TO PULL IMAGE", style="bold red")
             error_text.append("\n\n", style="white")
-            error_text.append(f"Could not download: {STRIX_IMAGE}\n", style="white")
+            error_text.append(f"Could not download: {Config.get('strix_image')}\n", style="white")
             error_text.append(str(e), style="dim red")
 
             panel = Panel(
@@ -470,8 +524,9 @@ def main() -> None:
     validate_environment()
     asyncio.run(warm_up_llm())
 
-    if not args.run_name:
-        args.run_name = generate_run_name(args.targets_info)
+    save_current_config()
+
+    args.run_name = generate_run_name(args.targets_info)
 
     for target_info in args.targets_info:
         if target_info["type"] == "repository":
@@ -482,10 +537,32 @@ def main() -> None:
 
     args.local_sources = collect_local_sources(args.targets_info)
 
-    if args.non_interactive:
-        asyncio.run(run_cli(args))
-    else:
-        asyncio.run(run_tui(args))
+    is_whitebox = bool(args.local_sources)
+
+    posthog.start(
+        model=Config.get("strix_llm"),
+        scan_mode=args.scan_mode,
+        is_whitebox=is_whitebox,
+        interactive=not args.non_interactive,
+        has_instructions=bool(args.instruction),
+    )
+
+    exit_reason = "user_exit"
+    try:
+        if args.non_interactive:
+            asyncio.run(run_cli(args))
+        else:
+            asyncio.run(run_tui(args))
+    except KeyboardInterrupt:
+        exit_reason = "interrupted"
+    except Exception as e:
+        exit_reason = "error"
+        posthog.error("unhandled_exception", str(e))
+        raise
+    finally:
+        tracer = get_global_tracer()
+        if tracer:
+            posthog.end(tracer, exit_reason=exit_reason)
 
     results_path = Path("strix_runs") / args.run_name
     display_completion_message(args, results_path)

strix/interface/streaming_parser.py

@@ -0,0 +1,119 @@
+import html
+import re
+from dataclasses import dataclass
+from typing import Literal
+
+
+_FUNCTION_TAG_PREFIX = "<function="
+
+
+def _get_safe_content(content: str) -> tuple[str, str]:
+    if not content:
+        return "", ""
+
+    last_lt = content.rfind("<")
+    if last_lt == -1:
+        return content, ""
+
+    suffix = content[last_lt:]
+    target = _FUNCTION_TAG_PREFIX  # "<function="
+
+    if target.startswith(suffix):
+        return content[:last_lt], suffix
+
+    return content, ""
+
+
+@dataclass
+class StreamSegment:
+    type: Literal["text", "tool"]
+    content: str
+    tool_name: str | None = None
+    args: dict[str, str] | None = None
+    is_complete: bool = False
+
+
+def parse_streaming_content(content: str) -> list[StreamSegment]:
+    if not content:
+        return []
+
+    segments: list[StreamSegment] = []
+
+    func_pattern = r"<function=([^>]+)>"
+    func_matches = list(re.finditer(func_pattern, content))
+
+    if not func_matches:
+        safe_content, _ = _get_safe_content(content)
+        text = safe_content.strip()
+        if text:
+            segments.append(StreamSegment(type="text", content=text))
+        return segments
+
+    first_func_start = func_matches[0].start()
+    if first_func_start > 0:
+        text_before = content[:first_func_start].strip()
+        if text_before:
+            segments.append(StreamSegment(type="text", content=text_before))
+
+    for i, match in enumerate(func_matches):
+        tool_name = match.group(1)
+        func_start = match.end()
+
+        func_end_match = re.search(r"</function>", content[func_start:])
+
+        if func_end_match:
+            func_body = content[func_start : func_start + func_end_match.start()]
+            is_complete = True
+            end_pos = func_start + func_end_match.end()
+        else:
+            if i + 1 < len(func_matches):
+                next_func_start = func_matches[i + 1].start()
+                func_body = content[func_start:next_func_start]
+            else:
+                func_body = content[func_start:]
+            is_complete = False
+            end_pos = len(content)
+
+        args = _parse_streaming_params(func_body)
+
+        segments.append(
+            StreamSegment(
+                type="tool",
+                content=func_body,
+                tool_name=tool_name,
+                args=args,
+                is_complete=is_complete,
+            )
+        )
+
+        if is_complete and i + 1 < len(func_matches):
+            next_start = func_matches[i + 1].start()
+            text_between = content[end_pos:next_start].strip()
+            if text_between:
+                segments.append(StreamSegment(type="text", content=text_between))
+
+    return segments
+
+
+def _parse_streaming_params(func_body: str) -> dict[str, str]:
+    args: dict[str, str] = {}
+
+    complete_pattern = r"<parameter=([^>]+)>(.*?)</parameter>"
+    complete_matches = list(re.finditer(complete_pattern, func_body, re.DOTALL))
+    complete_end_pos = 0
+
+    for match in complete_matches:
+        param_name = match.group(1)
+        param_value = html.unescape(match.group(2).strip())
+        args[param_name] = param_value
+        complete_end_pos = max(complete_end_pos, match.end())
+
+    remaining = func_body[complete_end_pos:]
+    incomplete_pattern = r"<parameter=([^>]+)>(.*)$"
+    incomplete_match = re.search(incomplete_pattern, remaining, re.DOTALL)
+    if incomplete_match:
+        param_name = incomplete_match.group(1)
+        param_value = html.unescape(incomplete_match.group(2).strip())
+        args[param_name] = param_value
+
+    return args

strix/interface/tool_components/__init__.py

@@ -1,4 +1,5 @@
 from . import (
+    agent_message_renderer,
     agents_graph_renderer,
     browser_renderer,
     file_edit_renderer,
@@ -10,6 +11,7 @@ from . import (
     scan_info_renderer,
     terminal_renderer,
     thinking_renderer,
+    todo_renderer,
     user_message_renderer,
     web_search_renderer,
 )
@@ -20,6 +22,7 @@ from .registry import ToolTUIRegistry, get_tool_renderer, register_tool_renderer
 __all__ = [
     "BaseToolRenderer",
     "ToolTUIRegistry",
+    "agent_message_renderer",
     "agents_graph_renderer",
     "browser_renderer",
     "file_edit_renderer",
@@ -34,6 +37,7 @@ __all__ = [
     "scan_info_renderer",
     "terminal_renderer",
     "thinking_renderer",
+    "todo_renderer",
     "user_message_renderer",
     "web_search_renderer",
 ]