Commit Graph

197 Commits

Author SHA1 Message Date
0xallam bf8020fafb fix: Strip custom_llm_provider before cost lookup for proxied models 2026-02-20 06:52:27 -08:00
0xallam 3b3576b024 refactor: Centralize strix model resolution with separate API and capability names
- Replace fragile prefix matching with explicit STRIX_MODEL_MAP
- Add resolve_strix_model() returning (api_model, canonical_model)
- api_model (openai/ prefix) for API calls to OpenAI-compatible Strix API
- canonical_model (actual provider name) for litellm capability lookups
- Centralize resolution in LLMConfig instead of scattered call sites
2026-02-20 04:40:04 -08:00
octovimmer d2c99ea4df resolve: merge conflict resolution, llm api base resolution 2026-02-19 17:37:00 -08:00
octovimmer 06ae3d3860 fix: linting errors 2026-02-19 17:25:10 -08:00
octovimmer e38f523a45 Strix LLM Documentation and Config Changes (#315)
* feat: add to readme new keys

* feat: shoutout strix models, docs

* fix: mypy error

* fix: base api

* docs: update quickstart and models

* fixes: changes to docs

uniform api_key variable naming

* test: git commit hook

* nevermind it was nothing

* docs: Update default model to claude-sonnet-4.6 and improve Strix Router docs

- Replace gpt-5 and opus-4.6 defaults with claude-sonnet-4.6 across all docs and code
- Rewrite Strix Router (models.mdx) page with clearer structure and messaging
- Add Strix Router as recommended option in overview.mdx and quickstart prerequisites
- Update stale Claude 4.5 references to 4.6 in anthropic.mdx, openrouter.mdx, bug_report.md
- Fix install.sh links to point to models.strix.ai and correct docs URLs
- Update error message examples in main.py to use claude-sonnet-4-6

---------

Co-authored-by: 0xallam <ahmed39652003@gmail.com>
2026-02-20 01:43:18 +04:00
0xallam 30550dd189 fix: Add rule against duplicating changes across code_locations 2026-02-17 14:59:13 -08:00
0xallam 154040f9fb fix: Improve code_locations schema for accurate block-level fixes and multi-part suggestions
Rewrote the code_locations parameter description to make fix_before/fix_after
semantics explicit: they are literal block-level replacements mapped directly
to GitHub/GitLab PR suggestion blocks. Added guidance for multi-part fixes
(separate locations for non-contiguous changes like imports + code), common
mistakes to avoid, and updated all examples to demonstrate multi-line ranges.
2026-02-17 14:17:33 -08:00
TaeBbong 365d51f52f fix: Add explicit UTF-8 encoding to read_text() calls
- Specify encoding="utf-8" in registry.py _load_xml_schema()
- Specify encoding="utf-8" in skills/__init__.py load_skills()
- Prevents cp949/shift_jis/cp1252 decoding errors on non-English Windows
2026-02-15 17:41:10 -08:00
0xallam 305ae2f699 fix: Remove indentation prefix from diff code block markers for syntax highlighting 2026-02-15 17:25:59 -08:00
0xallam d6e9b3b7cf feat: Redesign vulnerability reporting with nested XML code locations and CVSS
Replace 12 flat parameters (code_file, code_before, code_after, code_diff,
and 8 CVSS fields) with structured nested XML fields: code_locations with
co-located fix_before/fix_after per location, cvss_breakdown, and cwe.

This enables multi-file vulnerability locations, per-location fixes with
precise line numbers, data flow representation (source/sink), CWE
classification, and compatibility with GitHub/GitLab PR review APIs.
2026-02-15 17:25:59 -08:00
0xallam 40cb705494 fix: Skip clipboard copy for whitespace-only selections 2026-02-07 11:04:31 -08:00
0xallam e0b750dbcd feat: Add mouse text selection auto-copy to clipboard in TUI
Enable native text selection across tool components and agent messages
with automatic clipboard copy, toast notification, and decorative icon
stripping. Replace Padding wrappers with Text to support selection
across multiple renderables.
2026-02-07 11:04:31 -08:00
0xallam 0a63ffba63 fix: Polish finish_scan report schema descriptions and examples
Improve the finish_scan tool schema to produce more professional
pentest reports: expand parameter descriptions with structural
guidance, rewrite recommendations example with proper urgency tiers
instead of Priority 0/1/2, fix duplicated section titles, and clean
up informal language.
2026-02-04 13:30:24 -08:00
0xallam 5a76fab4ae fix: Replace hardcoded git host detection with HTTP protocol probe
Remove hardcoded github.com/gitlab.com/bitbucket.org host lists from
infer_target_type. Instead, detect git repositories on any host by
querying the standard /info/refs?service=git-upload-pack endpoint.

Works for any self-hosted git instance.
2026-01-31 23:24:59 -08:00
0xallam c2fbf81f1d fix(llm): Pass API key and base URL to memory compressor litellm calls
The memory compressor was calling litellm.completion() without passing
the api_key and api_base parameters, causing authentication errors when
LLM_API_KEY is set but provider-specific env vars (OPENAI_API_KEY, etc.)
are not. This matches the pattern used in dedupe.py.
2026-01-28 01:29:33 -08:00
0xallam 6da639ce58 chore: unify token stats color scheme 2026-01-22 11:37:21 -08:00
0xallam a97836c335 chore: improve stats panel layout 2026-01-22 11:17:32 -08:00
0xallam b456a4ed8c fix(llm): collect usage stats from final stream chunk
The early break on </function> prevented receiving the final chunk
that contains token usage data (input_tokens, output_tokens).
2026-01-20 20:36:00 -08:00
0xallam 165887798d refactor: simplify --config implementation to reuse existing config system
- Reuse apply_saved() instead of custom override logic
- Add force parameter to override existing env vars
- Move validation to utils.py
- Prevent saving when using custom config (one-time override)
- Fix: don't modify ~/.strix/cli-config.json when --config is used

Co-Authored-By: FeedClogger <feedclogger@users.noreply.github.com>
2026-01-20 17:02:29 -08:00
FeedClogger 4ab9af6e47 Added .env variable override through --config param 2026-01-20 17:02:29 -08:00
0xallam 4337991d05 chore: update Discord invite link 2026-01-20 12:58:14 -08:00
0xallam 9cff247d89 docs: update skills README for markdown format 2026-01-20 12:50:59 -08:00
0xallam af2c830f70 refactor: standardize vulnerability skills format 2026-01-20 12:50:59 -08:00
0xallam 91feb3e01c fix: remove icon from ListFilesRenderer 2026-01-20 12:50:59 -08:00
0xallam 762c25d6ed fix: exclude scan_modes and coordination from available skills 2026-01-20 12:50:59 -08:00
0xallam 6cb1c20978 refactor: migrate skills from Jinja to Markdown 2026-01-20 12:50:59 -08:00
0xallam 4b62169f74 fix: remove unintended margin from stats panel 2026-01-19 21:48:56 -08:00
0xallam e948f06d64 refactor: improve stats panel styling and add version display 2026-01-19 21:46:13 -08:00
0xallam 3d4b1bfb08 refactor: update agent tree status indicators 2026-01-19 21:23:29 -08:00
0xallam 8413987fcd feat: remove docker container on shutdown
Add automatic cleanup of Docker containers when the application exits.
Uses a singleton runtime pattern and spawns a detached subprocess for
cleanup to ensure fast exit without blocking the UI.
2026-01-19 18:26:41 -08:00
0xallam a67fe4c45c refactor: redesign finished dialogs and UI elements 2026-01-19 16:52:02 -08:00
0xallam 9f7b532056 refactor: revamp proxy tool renderers for better UX
- Show actual request/response data with visual flow (>> / <<)
- Display all relevant params: filters, sort, scope, modifications
- Add type-safe handling for streaming edge cases
- Use color-coded status codes (2xx green, 3xx yellow, 4xx/5xx red)
- Show search context (before/after) not just matched text
- Show full request details in send/repeat request renderers
- Show modifications on separate lines with full content
- Increase truncation limits for better visibility (200 char lines)
- Use present tense lowercase titles (listing, viewing, searching)
2026-01-19 15:33:53 -08:00
0xallam 43572242f1 fix: remove 'unknown' fallback display in browser tool renderer 2026-01-19 13:46:20 -08:00
0xallam a7bd635c11 fix: strip ANSI codes from Python tool output and optimize highlighting
- Add comprehensive ECMA-48 ANSI pattern to strip escape sequences from output
- Fix _truncate_line to strip ANSI before length calculation
- Cache PythonLexer instance (was creating new one per call)
- Memoize token color lookups to avoid repeated parent chain traversal
2026-01-19 12:21:08 -08:00
0xallam e30ef9aec8 perf: optimize TUI streaming rendering performance
- Pre-compile regex patterns in streaming_parser.py
- Move hot-path imports to module level in tui.py
- Add streaming content caching to avoid re-rendering unchanged content
- Track streaming length to skip unnecessary re-renders
- Reduce UI update interval from 250ms to 350ms
2026-01-19 11:46:38 -08:00
0xallam 86f8835ccb chore: bump version to 0.6.2 and sandbox to 0.1.11 2026-01-18 18:29:44 -08:00
0xallam 2bfb80ff4a refactor: share single browser instance across all agents
- Use singleton browser with isolated BrowserContext per agent instead of
  separate Chromium processes per agent
- Add cleanup logic for stale browser/playwright on reconnect
- Add resource management instructions to browser schema (close tabs/browser when done)
- Suppress Kali login message in Dockerfile
2026-01-18 17:51:23 -08:00
0xallam 7ff0e68466 fix: create fresh gql client per request to avoid transport state issues 2026-01-17 22:19:21 -08:00
0xallam 918a151892 refactor: simplify tool server to asyncio tasks with per-agent isolation
- Replace multiprocessing/threading with single asyncio task per agent
- Add task cancellation: new request cancels previous for same agent
- Add per-agent state isolation via ContextVar for Terminal, Browser, Python managers
- Add posthog telemetry for tool execution errors (timeout, http, sandbox)
- Fix proxy manager singleton pattern
- Increase client timeout buffer over server timeout
- Add context.py to Dockerfile
2026-01-17 22:19:21 -08:00
0xallam 4cb2cebd1e fix: add initial delay and increase retries for tool server health check 2026-01-17 22:19:21 -08:00
0xallam 61dea7010a refactor: simplify container initialization and fix startup reliability
- Move tool server startup from Python to entrypoint script
- Hardcode Caido port (48080) in entrypoint, remove from Python
- Use /app/venv/bin/python directly instead of poetry run
- Fix env var passing through sudo with sudo -E and explicit vars
- Add Caido process monitoring and logging during startup
- Add retry logic with exponential backoff for token fetch
- Add tool server process validation before declaring ready
- Simplify docker_runtime.py (489 -> 310 lines)
- DRY up container state recovery into _recover_container_state()
- Add container creation retry logic (3 attempts)
- Fix GraphQL health check URL (/graphql/ with trailing slash)
2026-01-17 22:19:21 -08:00
0xallam ed6861db64 fix(tool_server): include request_id in worker errors and use get_running_loop
- Add request_id to worker error responses to prevent client hangs
- Replace deprecated get_event_loop() with get_running_loop() in execute_tool
2026-01-16 01:11:02 -08:00
0xallam a74ed69471 fix(tool_server): use get_running_loop() instead of deprecated get_event_loop() 2026-01-16 01:11:02 -08:00
0xallam 9102b22381 fix(python): prevent stdout/stderr race on timeout
Add cancelled flag to prevent timed-out thread's finally block from
overwriting stdout/stderr when a subsequent execution has already
started capturing output.
2026-01-16 01:11:02 -08:00
0xallam 693ef16060 fix(runtime): parallel tool execution and remove signal handlers
- Add ThreadPoolExecutor in agent_worker for parallel request execution
- Add request_id correlation to prevent response mismatch between concurrent requests
- Add background listener thread per agent to dispatch responses to correct futures
- Add --timeout argument for hard request timeout (default: 120s from config)
- Remove signal handlers from terminal_manager, python_manager, tab_manager (use atexit only)
- Replace SIGALRM timeout in python_instance with threading-based timeout

This fixes requests getting queued behind slow operations and timeouts.
2026-01-16 01:11:02 -08:00
0xallam 8dc6f1dc8f fix(llm): remove hardcoded temperature from dedupe check
Allow the model's default temperature setting to be used instead of
forcing temperature=0 for duplicate detection.
2026-01-15 18:56:48 -08:00
0xallam 4d9154a7f8 fix(config): keep non-LLM saved env values
When LLM env differs, drop only LLM-related saved entries instead of
clearing all saved env vars, preserving other config like API keys.
2026-01-15 18:37:38 -08:00
0xallam 2898db318e fix(config): canonicalize LLM env and respect cleared vars
Drop saved LLM config if any current LLM env var differs, and treat
explicit empty env vars as cleared so saved values are removed and
not re-applied.
2026-01-15 18:37:38 -08:00
0xallam 960bb91790 fix(tui): suppress stderr output in python renderer 2026-01-15 17:44:49 -08:00
0xallam 4de4be683f fix(executor): include error type in httpx RequestError messages
The str() of httpx.RequestError was often empty, making error messages
unhelpful. Now includes the exception type (e.g., ConnectError) for
better debugging.
2026-01-15 17:40:21 -08:00