2 Commits

Author SHA1 Message Date
bearsyankees 639ce5b31a fix(report): correct csv_path indentation in write_vulnerabilities
Line 72 was over-indented, causing an IndentationError on import of
strix/report/writer.py and breaking main. Also bump the mirrors-mypy
pre-commit hook to v1.17.1 to avoid the mypy 1.16.0 internal crash
(python/mypy#19412) on openai/_client.py.

Co-Authored-By: Alex Schapiro <bearsyankees@gmail.com>
2026-07-02 19:20:47 +00:00
ASTITVA BHARDWAJ 5ee34481fe Fix non-atomic CSV and MD writes to prevent corruption on crash (#628) (#631) 2026-07-02 07:53:30 -07:00
30 changed files with 19 additions and 163 deletions
+1 -1
View File
@@ -11,7 +11,7 @@ repos:
# MyPy for static type checking
- repo: https://github.com/pre-commit/mirrors-mypy
rev: v1.16.0
rev: v1.17.1
hooks:
- id: mypy
additional_dependencies: [
-2
View File
@@ -275,5 +275,3 @@ Strix builds on the incredible work of open-source projects like [LiteLLM](https
> Only test apps you own or have permission to test. You are responsible for using Strix ethically and legally.
</div>
![](https://static.scarf.sh/a.png?x-pxid=a0ba15dd-a205-4a54-95d6-7814e9ae6b61)
-4
View File
@@ -3,10 +3,6 @@ title: "Configuration"
description: "Environment variables for Strix"
---
import { ScarfPixel } from "/snippets/scarf-pixel.mdx";
<ScarfPixel />
Configure Strix using environment variables or a config file.
## LLM Configuration
-4
View File
@@ -3,10 +3,6 @@ title: "Skills"
description: "Specialized knowledge packages that enhance agent capabilities"
---
import { ScarfPixel } from "/snippets/scarf-pixel.mdx";
<ScarfPixel />
Skills are structured knowledge packages that give Strix agents deep expertise in specific vulnerability types, technologies, and testing methodologies.
## The Idea
-4
View File
@@ -3,10 +3,6 @@ title: "Introduction"
description: "Managed security testing without local setup"
---
import { ScarfPixel } from "/snippets/scarf-pixel.mdx";
<ScarfPixel />
Skip the setup. Run Strix in the cloud at [app.strix.ai](https://app.strix.ai).
## Features
-4
View File
@@ -3,10 +3,6 @@ title: "Contributing"
description: "Contribute to Strix development"
---
import { ScarfPixel } from "/snippets/scarf-pixel.mdx";
<ScarfPixel />
## Development Setup
### Prerequisites
-4
View File
@@ -3,10 +3,6 @@ title: "Introduction"
description: "Open-source AI hackers to secure your apps"
---
import { ScarfPixel } from "/snippets/scarf-pixel.mdx";
<ScarfPixel />
Strix are autonomous AI agents that act like real hackers—they run your code dynamically, find vulnerabilities, and validate them with proof-of-concepts. Built for developers and security teams who need fast, accurate security testing without the overhead of manual pentesting or the false positives of static analysis tools.
<Frame>
-4
View File
@@ -3,10 +3,6 @@ title: "CI/CD Integration"
description: "Run Strix in any CI/CD pipeline"
---
import { ScarfPixel } from "/snippets/scarf-pixel.mdx";
<ScarfPixel />
Strix runs in headless mode for automated pipelines.
## Headless Mode
-4
View File
@@ -3,10 +3,6 @@ title: "GitHub Actions"
description: "Run Strix security scans on every pull request"
---
import { ScarfPixel } from "/snippets/scarf-pixel.mdx";
<ScarfPixel />
Integrate Strix into your GitHub workflow to catch vulnerabilities before they reach production.
## Basic Workflow
-4
View File
@@ -3,10 +3,6 @@ title: "Anthropic"
description: "Configure Strix with Claude models"
---
import { ScarfPixel } from "/snippets/scarf-pixel.mdx";
<ScarfPixel />
## Setup
```bash
-4
View File
@@ -3,10 +3,6 @@ title: "Azure OpenAI"
description: "Configure Strix with OpenAI models via Azure"
---
import { ScarfPixel } from "/snippets/scarf-pixel.mdx";
<ScarfPixel />
## Setup
```bash
-4
View File
@@ -3,10 +3,6 @@ title: "AWS Bedrock"
description: "Configure Strix with models via AWS Bedrock"
---
import { ScarfPixel } from "/snippets/scarf-pixel.mdx";
<ScarfPixel />
## Setup
```bash
-4
View File
@@ -3,10 +3,6 @@ title: "Local Models"
description: "Run Strix with self-hosted LLMs for privacy and air-gapped testing"
---
import { ScarfPixel } from "/snippets/scarf-pixel.mdx";
<ScarfPixel />
Running Strix with local models allows for completely offline, privacy-first security assessments. Data never leaves your machine, making this ideal for sensitive internal networks or air-gapped environments.
## Privacy vs Performance
-4
View File
@@ -3,10 +3,6 @@ title: "Novita AI"
description: "Configure Strix with Novita AI models"
---
import { ScarfPixel } from "/snippets/scarf-pixel.mdx";
<ScarfPixel />
[Novita AI](https://novita.ai) provides fast, cost-efficient inference for open-source models via an OpenAI-compatible API.
## Setup
-4
View File
@@ -3,10 +3,6 @@ title: "OpenAI"
description: "Configure Strix with OpenAI models"
---
import { ScarfPixel } from "/snippets/scarf-pixel.mdx";
<ScarfPixel />
## Setup
```bash
-4
View File
@@ -3,10 +3,6 @@ title: "OpenRouter"
description: "Configure Strix with models via OpenRouter"
---
import { ScarfPixel } from "/snippets/scarf-pixel.mdx";
<ScarfPixel />
[OpenRouter](https://openrouter.ai) provides access to 100+ models from multiple providers through a single API.
## Setup
-4
View File
@@ -3,10 +3,6 @@ title: "Overview"
description: "Configure your AI model for Strix"
---
import { ScarfPixel } from "/snippets/scarf-pixel.mdx";
<ScarfPixel />
Strix uses [LiteLLM](https://docs.litellm.ai/docs/providers) for model compatibility, supporting 100+ LLM providers.
## Configuration
-4
View File
@@ -3,10 +3,6 @@ title: "Google Vertex AI"
description: "Configure Strix with Gemini models via Google Cloud"
---
import { ScarfPixel } from "/snippets/scarf-pixel.mdx";
<ScarfPixel />
## Installation
Vertex AI requires the Google Cloud dependency. Install Strix with the vertex extra:
-4
View File
@@ -3,10 +3,6 @@ title: "Quick Start"
description: "Install Strix and run your first security scan"
---
import { ScarfPixel } from "/snippets/scarf-pixel.mdx";
<ScarfPixel />
## Prerequisites
- Docker (running)
-10
View File
@@ -1,10 +0,0 @@
export const ScarfPixel = () => (
<img
referrerPolicy="no-referrer-when-downgrade"
src="https://static.scarf.sh/a.png?x-pxid=a0ba15dd-a205-4a54-95d6-7814e9ae6b61"
alt=""
width="1"
height="1"
style={{ position: "absolute", width: 0, height: 0, opacity: 0, pointerEvents: "none" }}
/>
);
@@ -1,34 +0,0 @@
agentic
Caido
deobfuscation
deserialization
Devstral
[Dd]ocstrings
exfiltration
failover
ffuf
Firestore
frontmatter
fuzzer
gcloud
hardcoded
Kimi
Langfuse
LLMs?
[Mm]isconfigurations?
Novita
Ollama
pentest(ers|ing)?
pipx
pull_request
Pydantic
spidering
SQLi
[Ss]trix
Supabase
traceback
UIs
untrusted
uv
vulns
[Ww]ordlist
-4
View File
@@ -3,10 +3,6 @@ title: "Browser"
description: "Playwright-powered Chrome for web application testing"
---
import { ScarfPixel } from "/snippets/scarf-pixel.mdx";
<ScarfPixel />
Strix uses a headless Chrome browser via Playwright to interact with web applications exactly like a real user would.
## How It Works
-4
View File
@@ -3,10 +3,6 @@ title: "Agent Tools"
description: "How Strix agents interact with targets"
---
import { ScarfPixel } from "/snippets/scarf-pixel.mdx";
<ScarfPixel />
Strix agents use specialized tools to test your applications like a real penetration tester would.
## Core Tools
-4
View File
@@ -3,10 +3,6 @@ title: "HTTP Proxy"
description: "Caido-powered proxy for request interception and replay"
---
import { ScarfPixel } from "/snippets/scarf-pixel.mdx";
<ScarfPixel />
Strix includes [Caido](https://caido.io), a modern HTTP proxy built for security testing. All browser traffic flows through Caido, giving the agent full control over requests and responses.
## Capabilities
-4
View File
@@ -3,10 +3,6 @@ title: "Sandbox Tools"
description: "Pre-installed security tools in the Strix container"
---
import { ScarfPixel } from "/snippets/scarf-pixel.mdx";
<ScarfPixel />
Strix runs inside a Kali Linux-based Docker container with a comprehensive set of security tools pre-installed. The agent can use any of these tools through the [terminal](/tools/terminal).
## Reconnaissance
-4
View File
@@ -3,10 +3,6 @@ title: "Terminal"
description: "Bash shell for running commands and security tools"
---
import { ScarfPixel } from "/snippets/scarf-pixel.mdx";
<ScarfPixel />
Strix has access to a persistent bash terminal running inside the Docker sandbox. This gives the agent access to all [pre-installed security tools](/tools/sandbox).
## Capabilities
-4
View File
@@ -3,10 +3,6 @@ title: "CLI Reference"
description: "Command-line options for Strix"
---
import { ScarfPixel } from "/snippets/scarf-pixel.mdx";
<ScarfPixel />
## Basic Usage
```bash
-4
View File
@@ -3,10 +3,6 @@ title: "Custom Instructions"
description: "Guide Strix with custom testing instructions"
---
import { ScarfPixel } from "/snippets/scarf-pixel.mdx";
<ScarfPixel />
Use instructions to provide context, credentials, or focus areas for your scan.
## Inline Instructions
-4
View File
@@ -3,10 +3,6 @@ title: "Scan Modes"
description: "Choose the right scan depth for your use case"
---
import { ScarfPixel } from "/snippets/scarf-pixel.mdx";
<ScarfPixel />
Strix offers three scan modes to balance speed and thoroughness.
## Quick
+18 -16
View File
@@ -3,6 +3,7 @@
from __future__ import annotations
import csv
import io
import json
import logging
import tempfile
@@ -58,9 +59,9 @@ def write_vulnerabilities(
new_reports = [r for r in vulnerability_reports if r["id"] not in saved_vuln_ids]
for report in new_reports:
(vuln_dir / f"{report['id']}.md").write_text(
_atomic_write_text(
vuln_dir / f"{report['id']}.md",
render_vulnerability_md(report),
encoding="utf-8",
)
saved_vuln_ids.add(report["id"])
@@ -69,20 +70,21 @@ def write_vulnerabilities(
key=lambda r: (_SEVERITY_ORDER.get(r["severity"], 5), r["timestamp"]),
)
csv_path = run_dir / "vulnerabilities.csv"
with csv_path.open("w", encoding="utf-8", newline="") as f:
fieldnames = ["id", "title", "severity", "timestamp", "file"]
writer = csv.DictWriter(f, fieldnames=fieldnames)
writer.writeheader()
for report in sorted_reports:
writer.writerow(
{
"id": report["id"],
"title": report["title"],
"severity": report["severity"].upper(),
"timestamp": report["timestamp"],
"file": f"vulnerabilities/{report['id']}.md",
},
)
csv_buf = io.StringIO()
fieldnames = ["id", "title", "severity", "timestamp", "file"]
csv_writer = csv.DictWriter(csv_buf, fieldnames=fieldnames, lineterminator="\r\n")
csv_writer.writeheader()
for report in sorted_reports:
csv_writer.writerow(
{
"id": report["id"],
"title": report["title"],
"severity": report["severity"].upper(),
"timestamp": report["timestamp"],
"file": f"vulnerabilities/{report['id']}.md",
},
)
_atomic_write_text(csv_path, csv_buf.getvalue())
_atomic_write_text(
run_dir / "vulnerabilities.json",