Clone git repositories internally (#10)

This commit is contained in:
Ahmed Allam
2025-08-16 15:47:36 -07:00
committed by GitHub
parent 337d64d362
commit ccab853c0f
5 changed files with 143 additions and 5 deletions
+15 -3
View File
@@ -26,9 +26,21 @@ class StrixAgent(BaseAgent):
task_parts = []
if scan_type == "repository":
task_parts.append(
f"Perform a security assessment of the Git repository: {target['target_repo']}"
)
repo_url = target["target_repo"]
cloned_path = target.get("cloned_repo_path")
if cloned_path:
shared_workspace_path = "/shared_workspace"
task_parts.append(
f"Perform a security assessment of the Git repository: {repo_url}. "
f"The repository has been cloned from '{repo_url}' to '{cloned_path}' "
f"(host path) and then copied to '{shared_workspace_path}' in your environment."
f"Analyze the codebase at: {shared_workspace_path}"
)
else:
task_parts.append(
f"Perform a security assessment of the Git repository: {repo_url}"
)
elif scan_type == "web_application":
task_parts.append(
@@ -206,6 +206,27 @@ CRITICAL RULES:
- **ONE AGENT = ONE TASK** - Don't let agents do multiple unrelated jobs
- **SPAWN REACTIVELY** - Create new agents based on what you discover
- **ONLY REPORTING AGENTS** can use create_vulnerability_report tool
- **AGENT SPECIALIZATION MANDATORY** - Each agent must be highly specialized with maximum 3 prompt modules
- **NO GENERIC AGENTS** - Avoid creating broad, multi-purpose agents that dilute focus
AGENT SPECIALIZATION EXAMPLES:
GOOD SPECIALIZATION:
- "SQLi Validation Agent" with prompt_modules: sql_injection
- "XSS Discovery Agent" with prompt_modules: xss
- "Auth Testing Agent" with prompt_modules: authentication_jwt, business_logic
- "SSRF + XXE Agent" with prompt_modules: ssrf, xxe, rce (related attack vectors)
BAD SPECIALIZATION:
- "General Web Testing Agent" with prompt_modules: sql_injection, xss, csrf, ssrf, authentication_jwt (too broad)
- "Everything Agent" with prompt_modules: all available modules (completely unfocused)
- Any agent with more than 3 prompt modules (violates constraints)
FOCUS PRINCIPLES:
- Each agent should have deep expertise in 1-3 related vulnerability types
- Agents with single modules have the deepest specialization
- Related vulnerabilities (like SSRF+XXE or Auth+Business Logic) can be combined
- Never create "kitchen sink" agents that try to do everything
REALISTIC TESTING OUTCOMES:
- **No Findings**: Agent completes testing but finds no vulnerabilities