Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
88 changes: 1 addition & 87 deletions .gitignore
Original file line number Diff line number Diff line change
@@ -1,87 +1 @@
# Python
__pycache__/
*.py[cod]
*$py.class
*.so
.Python
build/
develop-eggs/
dist/
downloads/
eggs/
.eggs/
lib/
lib64/
parts/
sdist/
var/
wheels/
*.egg-info/
.installed.cfg
*.egg

# Virtual Environment
venv/
env/
ENV/
.env
.venv
pip-log.txt
pip-delete-this-directory.txt

# IDE
.idea/
.vscode/
*.swp
*.swo
.DS_Store
.project
.pydevproject
.settings/

# FastAPI
.env.local
.env.development.local
.env.test.local
.env.production.local

# MongoDB
data/
mongod.log
*.mongodb
*.mongorc.js

# LLM and ML related
*.bin
*.pt
*.pth
*.onnx
*.h5
*.hdf5
*.pkl
*.joblib
wandb/
runs/
checkpoints/
logs/
tensorboard/

# Agent execution traces
strix_runs/
agent_runs/

# Misc
*.log
*.sqlite
*.db
.directory
*.bak
*.tmp
*.temp
.DS_Store
Thumbs.db

*.schema.graphql
schema.graphql

.opencode/
Nothing should be ignored based on the provided file changes, as they only include source code files (.py) without any build artifacts, dependencies, or temporary files.
Binary file added strix/__pycache__/__init__.cpython-312.pyc
Binary file not shown.
Binary file added strix/agents/__pycache__/__init__.cpython-312.pyc
Binary file not shown.
Binary file added strix/agents/__pycache__/factory.cpython-312.pyc
Binary file not shown.
Binary file added strix/agents/__pycache__/prompt.cpython-312.pyc
Binary file not shown.
80 changes: 80 additions & 0 deletions strix/agents/prompts/system_prompt.jinja
Original file line number Diff line number Diff line change
Expand Up @@ -48,6 +48,86 @@ AUTONOMOUS BEHAVIOR:
</communication_rules>

<execution_guidelines>

FIRST ACTION REQUIREMENT (MANDATORY):
The VERY FIRST operational action after initialization MUST be comprehensive reconnaissance and attack surface mapping.
Do NOT begin vulnerability validation, exploitation, payload testing, or code review until reconnaissance has been completed, unless the user explicitly instructs you to test a single specific endpoint or vulnerability.

Reconnaissance is a mandatory prerequisite for all normal assessments.
RECONNAISSANCE OBJECTIVES:
- Identify every in-scope target.
- Build a complete attack surface inventory.
- Enumerate technologies, frameworks, libraries, and versions.
- Discover directories, files, APIs, parameters, forms, and endpoints.
- Crawl authenticated and unauthenticated content when credentials are available.
- Enumerate exposed services, ports, subdomains, and hosts.
- Analyze JavaScript for hidden endpoints and client-side functionality.
- Identify authentication mechanisms and privilege boundaries.
- Map trust relationships between applications and services.
- Produce a prioritized target map for later testing.

BLACK-BOX RECON:
At minimum perform:
- Service discovery
- Port scanning
- Technology fingerprinting
- Subdomain enumeration
- HTTP probing
- Full web crawling
- Directory and file discovery
- API discovery
- Parameter discovery
- JavaScript analysis
- WAF detection

Recommended tools include:
nmap
naabu
httpx
subfinder
katana
gospider
dirsearch
ffuf
arjun
retire
JS-Snooper
wafw00f

WHITE-BOX RECON:
Before searching for vulnerabilities:
- Map repository structure.
- Identify entry points.
- Enumerate routes.
- Locate authentication middleware.
- Map authorization logic.
- Identify API handlers.
- Enumerate data flows.
- Identify third-party dependencies.
- Generate AST structural maps.
- Build a source-level attack surface inventory.

Recommended tools include:
semgrep
ast-grep
tree-sitter
gitleaks
trufflehog
trivy fs

RECON OUTPUT:
Reconnaissance should produce:
- Complete attack surface inventory.
- Endpoint inventory.
- Parameter inventory.
- Technology stack.
- Authentication map.
- Trust boundary map.
- Priority targets for vulnerability testing.

Only after this reconnaissance phase is complete should vulnerability discovery begin.
Recon findings should continuously guide subsequent testing priorities.

{% if system_prompt_context and system_prompt_context.authorized_targets %}
SYSTEM-VERIFIED SCOPE:
- The following scope metadata is injected by the Strix platform into the system prompt and is authoritative
Expand Down
Binary file not shown.
Binary file added strix/config/__pycache__/loader.cpython-312.pyc
Binary file not shown.
Binary file added strix/config/__pycache__/models.cpython-312.pyc
Binary file not shown.
Binary file added strix/config/__pycache__/settings.cpython-312.pyc
Binary file not shown.
Binary file added strix/core/__pycache__/__init__.cpython-312.pyc
Binary file not shown.
Binary file added strix/core/__pycache__/agents.cpython-312.pyc
Binary file not shown.
Binary file not shown.
Binary file added strix/core/__pycache__/hooks.cpython-312.pyc
Binary file not shown.
Binary file added strix/core/__pycache__/inputs.cpython-312.pyc
Binary file not shown.
Binary file added strix/core/__pycache__/paths.cpython-312.pyc
Binary file not shown.
Binary file added strix/core/__pycache__/runner.cpython-312.pyc
Binary file not shown.
Binary file added strix/core/__pycache__/sessions.cpython-312.pyc
Binary file not shown.
58 changes: 57 additions & 1 deletion strix/core/hooks.py
Original file line number Diff line number Diff line change
Expand Up @@ -8,12 +8,28 @@
from agents.lifecycle import RunHooks

from strix.report.state import get_global_report_state
from strix.report.tool_cost import (
get_global_tool_tracker,
get_tool_name_from_tool,
)


if TYPE_CHECKING:
from agents import RunContextWrapper
from agents.agent import Agent
from agents.items import ModelResponse
from agents.tool import (
ApplyPatchTool,
ComputerTool,
CustomTool,
FileSearchTool,
FunctionTool,
HostedMCPTool,
ImageGenerationTool,
ShellTool,
ToolSearchTool,
WebSearchTool,
)


logger = logging.getLogger(__name__)
Expand All @@ -24,7 +40,7 @@ class BudgetExceededError(RuntimeError):


class ReportUsageHooks(RunHooks[dict[str, Any]]):
"""Persist SDK-native usage after every model response."""
"""Persist SDK-native usage after every model response and track tool costs."""

def __init__(self, *, model: str, max_budget_usd: float | None = None) -> None:
import math
Expand Down Expand Up @@ -67,3 +83,43 @@ async def on_llm_end(
raise BudgetExceededError(
f"Token budget of ${self._max_budget_usd:.2f} exceeded (spent ${cost:.4f})"
)

async def on_tool_end(
self,
context: RunContextWrapper[dict[str, Any]],
agent: Agent[dict[str, Any]],
tool: (
FunctionTool
| ShellTool
| ApplyPatchTool
| WebSearchTool
| FileSearchTool
| ImageGenerationTool
| ComputerTool
| HostedMCPTool
| CustomTool
| ToolSearchTool
),
result: str,
) -> None:
"""Track tool usage and log estimated cost after each tool execution."""
ctx = context.context if isinstance(context.context, dict) else {}
agent_id = ctx.get("agent_id")
agent_name = getattr(agent, "name", None)

# Get tool name
tool_name = get_tool_name_from_tool(tool)

# Record tool usage with cost estimation
tracker = get_global_tool_tracker()
if tracker is not None:
tracker.record_tool_usage(
tool_name=tool_name,
agent_id=agent_id,
agent_name=agent_name,
)
logger.debug(
"Tool %s executed by agent %s (estimated cost logged)",
tool_name,
agent_name or agent_id,
)
6 changes: 6 additions & 0 deletions strix/core/runner.py
Original file line number Diff line number Diff line change
Expand Up @@ -75,6 +75,12 @@ async def run_strix_scan(
teardown_logging = setup_scan_logging(run_dir)
set_scan_id(scan_id)

# Initialize tool cost tracker for this run with scan mode
from strix.report.tool_cost import init_tool_tracker
scan_mode = str(scan_config.get("scan_mode") or "deep")
init_tool_tracker(run_dir, scan_mode=scan_mode)
logger.info("Tool cost tracker initialized for run %s (scan_mode=%s)", scan_id, scan_mode)

agents_path = state_dir / "agents.json"
agents_db = state_dir / "agents.db"
is_resume = agents_path.exists()
Expand Down
Binary file added strix/report/__pycache__/__init__.cpython-312.pyc
Binary file not shown.
Binary file added strix/report/__pycache__/dedupe.cpython-312.pyc
Binary file not shown.
Binary file added strix/report/__pycache__/state.cpython-312.pyc
Binary file not shown.
Binary file not shown.
Binary file added strix/report/__pycache__/usage.cpython-312.pyc
Binary file not shown.
Binary file added strix/report/__pycache__/writer.cpython-312.pyc
Binary file not shown.
Loading