diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md
index 060e3d4..f9b9106 100644
--- a/.github/ISSUE_TEMPLATE/bug_report.md
+++ b/.github/ISSUE_TEMPLATE/bug_report.md
@@ -12,7 +12,7 @@ A clear and concise description of what the bug is.
**To Reproduce**
Steps to reproduce the behavior:
-1.
+1.
2.
3.
4.
@@ -24,9 +24,9 @@ A clear and concise description of what you expected to happen.
If applicable, add screenshots to help explain your problem.
**System Information:**
-- OS: [e.g. Ubuntu 22.04]
-- Strix Version or Commit: [e.g. 0.1.18]
-- Python Version: [e.g. 3.12]
+- OS: [e.g. Ubuntu 22.04]
+- Strix Version or Commit: [e.g. 0.1.18]
+- Python Version: [e.g. 3.12]
- LLM Used: [e.g. GPT-5, Claude Sonnet 4]
**Additional context**
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
new file mode 100644
index 0000000..1826169
--- /dev/null
+++ b/CONTRIBUTING.md
@@ -0,0 +1,116 @@
+# Contributing to Strix
+
+Thank you for your interest in contributing to Strix! This guide will help you get started with development and contributions.
+
+## 🚀 Development Setup
+
+### Prerequisites
+
+- Python 3.12+
+- Docker (running)
+- Poetry (for dependency management)
+- Git
+
+### Local Development
+
+1. **Clone the repository**
+ ```bash
+ git clone https://github.com/usestrix/strix.git
+ cd strix
+ ```
+
+2. **Install development dependencies**
+ ```bash
+ make setup-dev
+
+ # or manually:
+ poetry install --with=dev
+ poetry run pre-commit install
+ ```
+
+3. **Configure your LLM provider**
+ ```bash
+ export STRIX_LLM="openai/gpt-5"
+ export LLM_API_KEY="your-api-key"
+ ```
+
+4. **Run Strix in development mode**
+ ```bash
+ poetry run strix --target https://example.com
+ ```
+
+## 📚 Contributing Prompt Modules
+
+Prompt modules are specialized knowledge packages that enhance agent capabilities. See [strix/prompts/README.md](strix/prompts/README.md) for detailed guidelines.
+
+### Quick Guide
+
+1. **Choose the right category** (`/vulnerabilities`, `/frameworks`, `/technologies`, etc.)
+2. **Create a** `.jinja` file with your prompts
+3. **Include practical examples** - Working payloads, commands, or test cases
+4. **Provide validation methods** - How to confirm findings and avoid false positives
+5. **Submit via PR** with clear description
+
+## 🔧 Contributing Code
+
+### Pull Request Process
+
+1. **Create an issue first** - Describe the problem or feature
+2. **Fork and branch** - Work from the `main` branch
+3. **Make your changes** - Follow existing code style
+4. **Write/update tests** - Ensure coverage for new features
+5. **Run quality checks** - `make check-all` should pass
+6. **Submit PR** - Link to issue and provide context
+
+### PR Guidelines
+
+- **Clear description** - Explain what and why
+- **Small, focused changes** - One feature/fix per PR
+- **Include examples** - Show before/after behavior
+- **Update documentation** - If adding features
+- **Pass all checks** - Tests, linting, type checking
+
+### Code Style
+
+- Follow PEP 8 with 100-character line limit
+- Use type hints for all functions
+- Write docstrings for public methods
+- Keep functions focused and small
+- Use meaningful variable names
+
+## 🐛 Reporting Issues
+
+When reporting bugs, please include:
+
+- Python version and OS
+- Strix version
+- LLMs being used
+- Full error traceback
+- Steps to reproduce
+- Expected vs actual behavior
+
+## 💡 Feature Requests
+
+We welcome feature ideas! Please:
+
+- Check existing issues first
+- Describe the use case clearly
+- Explain why it would benefit users
+- Consider implementation approach
+- Be open to discussion
+
+## 🤝 Community
+
+- **Discord**: [Join our community](https://discord.gg/yduEyduBsp)
+- **Issues**: [GitHub Issues](https://github.com/usestrix/strix/issues)
+
+## ✨ Recognition
+
+We value all contributions! Contributors will be:
+- Listed in release notes
+- Thanked in our Discord
+- Added to contributors list (coming soon)
+
+---
+
+**Questions?** Reach out on [Discord](https://discord.gg/yduEyduBsp) or create an issue. We're here to help!
diff --git a/README.md b/README.md
index 1dedfab..63bfd1f 100644
--- a/README.md
+++ b/README.md
@@ -145,6 +145,23 @@ Our managed platform provides:
> [!WARNING]
> Only test systems you own or have permission to test. You are responsible for using Strix ethically and legally.
+## 🤝 Contributing
+
+We welcome contributions from the community! There are several ways to contribute:
+
+### Code Contributions
+See our [Contributing Guide](CONTRIBUTING.md) for details on:
+- Setting up your development environment
+- Running tests and quality checks
+- Submitting pull requests
+- Code style guidelines
+
+### Prompt Modules Collection
+Help expand our collection of specialized prompt modules for AI agents:
+- Advanced testing techniques for vulnerabilities, frameworks, and technologies
+- See [Prompt Modules Documentation](strix/prompts/README.md) for guidelines
+- Submit via [pull requests](https://github.com/usestrix/strix/pulls) or [issues](https://github.com/usestrix/strix/issues)
+
## 🌟 Support the Project
**Love Strix?** Give us a ⭐ on GitHub!
diff --git a/strix/agents/StrixAgent/system_prompt.jinja b/strix/agents/StrixAgent/system_prompt.jinja
index 0a407d9..b8b3746 100644
--- a/strix/agents/StrixAgent/system_prompt.jinja
+++ b/strix/agents/StrixAgent/system_prompt.jinja
@@ -248,7 +248,7 @@ CRITICAL RULES:
- **ONE AGENT = ONE TASK** - Don't let agents do multiple unrelated jobs
- **SPAWN REACTIVELY** - Create new agents based on what you discover
- **ONLY REPORTING AGENTS** can use create_vulnerability_report tool
-- **AGENT SPECIALIZATION MANDATORY** - Each agent must be highly specialized with maximum 3 prompt modules
+- **AGENT SPECIALIZATION MANDATORY** - Each agent must be highly specialized; prefer 1–3 prompt modules, up to 5 for complex contexts
- **NO GENERIC AGENTS** - Avoid creating broad, multi-purpose agents that dilute focus
AGENT SPECIALIZATION EXAMPLES:
@@ -262,7 +262,7 @@ GOOD SPECIALIZATION:
BAD SPECIALIZATION:
- "General Web Testing Agent" with prompt_modules: sql_injection, xss, csrf, ssrf, authentication_jwt (too broad)
- "Everything Agent" with prompt_modules: all available modules (completely unfocused)
-- Any agent with more than 3 prompt modules (violates constraints)
+- Any agent with more than 5 prompt modules (violates constraints)
FOCUS PRINCIPLES:
- Each agent should have deep expertise in 1-3 related vulnerability types
diff --git a/strix/cli/app.py b/strix/cli/app.py
index 63414f0..cf27ba2 100644
--- a/strix/cli/app.py
+++ b/strix/cli/app.py
@@ -7,7 +7,7 @@ import signal
import sys
import threading
from collections.abc import Callable
-from typing import Any, ClassVar
+from typing import Any, ClassVar, cast
from rich.markup import escape as rich_escape
from rich.text import Text
@@ -26,7 +26,7 @@ from strix.llm.config import LLMConfig
def escape_markup(text: str) -> str:
- return rich_escape(text)
+ return cast("str", rich_escape(text))
class ChatTextArea(TextArea): # type: ignore[misc]
diff --git a/strix/cli/main.py b/strix/cli/main.py
index 88be839..df5655e 100644
--- a/strix/cli/main.py
+++ b/strix/cli/main.py
@@ -139,7 +139,8 @@ def validate_environment() -> None:
)
elif var == "LLM_API_BASE":
error_text.append(
- "export LLM_API_BASE='http://localhost:11434' # needed for local models only\n",
+ "export LLM_API_BASE='http://localhost:11434' "
+ "# needed for local models only\n",
style="dim white",
)
elif var == "PERPLEXITY_API_KEY":
diff --git a/strix/cli/tool_components/base_renderer.py b/strix/cli/tool_components/base_renderer.py
index 80b8f54..f1006be 100644
--- a/strix/cli/tool_components/base_renderer.py
+++ b/strix/cli/tool_components/base_renderer.py
@@ -1,5 +1,5 @@
from abc import ABC, abstractmethod
-from typing import Any, ClassVar
+from typing import Any, ClassVar, cast
from rich.markup import escape as rich_escape
from textual.widgets import Static
@@ -17,7 +17,7 @@ class BaseToolRenderer(ABC):
@classmethod
def escape_markup(cls, text: str) -> str:
- return rich_escape(text)
+ return cast("str", rich_escape(text))
@classmethod
def format_args(cls, args: dict[str, Any], max_length: int = 500) -> str:
diff --git a/strix/cli/tool_components/reporting_renderer.py b/strix/cli/tool_components/reporting_renderer.py
index 8e7ee94..f2b67b2 100644
--- a/strix/cli/tool_components/reporting_renderer.py
+++ b/strix/cli/tool_components/reporting_renderer.py
@@ -27,7 +27,8 @@ class CreateVulnerabilityReportRenderer(BaseToolRenderer):
if severity:
severity_color = cls._get_severity_color(severity.lower())
content_parts.append(
- f" [dim]Severity: [{severity_color}]{cls.escape_markup(severity.upper())}[/{severity_color}][/]"
+ f" [dim]Severity: [{severity_color}]"
+ f"{cls.escape_markup(severity.upper())}[/{severity_color}][/]"
)
if content:
diff --git a/strix/prompts/README.md b/strix/prompts/README.md
new file mode 100644
index 0000000..52464e6
--- /dev/null
+++ b/strix/prompts/README.md
@@ -0,0 +1,64 @@
+# 📚 Strix Prompt Modules
+
+## 🎯 Overview
+
+Prompt modules are specialized knowledge packages that enhance Strix agents with deep expertise in specific vulnerability types, technologies, and testing methodologies. Each module provides advanced techniques, practical examples, and validation methods that go beyond baseline security knowledge.
+
+---
+
+## 🏗️ Architecture
+
+### How Prompts Work
+
+When an agent is created, it can load up to 5 specialized prompt modules relevant to the specific subtask and context at hand:
+
+```python
+# Agent creation with specialized modules
+create_agent(
+ task="Test authentication mechanisms in API",
+ name="Auth Specialist",
+ prompt_modules="authentication_jwt,business_logic"
+)
+```
+
+The modules are dynamically injected into the agent's system prompt, allowing it to operate with deep expertise tailored to the specific vulnerability types or technologies required for the task at hand.
+
+---
+
+## 📁 Module Categories
+
+| Category | Purpose |
+|----------|---------|
+| **`/vulnerabilities`** | Advanced testing techniques for core vulnerability classes like authentication bypasses, business logic flaws, and race conditions |
+| **`/frameworks`** | Specific testing methods for popular frameworks e.g. Django, Express, FastAPI, and Next.js |
+| **`/technologies`** | Specialized techniques for third-party services such as Supabase, Firebase, Auth0, and payment gateways |
+| **`/protocols`** | Protocol-specific testing patterns for GraphQL, WebSocket, OAuth, and other communication standards |
+| **`/cloud`** | Cloud provider security testing for AWS, Azure, GCP, and Kubernetes environments |
+| **`/reconnaissance`** | Advanced information gathering and enumeration techniques for comprehensive attack surface mapping |
+| **`/custom`** | Community-contributed modules for specialized or industry-specific testing scenarios |
+
+---
+
+## 🎨 Creating New Modules
+
+### What Should a Module Contain?
+
+A good prompt module is a structured knowledge package that typically includes:
+
+- **Advanced techniques** - Non-obvious methods specific to the task and domain
+- **Practical examples** - Working payloads, commands, or test cases with variations
+- **Validation methods** - How to confirm findings and avoid false positives
+- **Context-specific insights** - Environment and version nuances, configuration-dependent behavior, and edge cases
+
+Modules use XML-style tags for structure and focus on deep, specialized knowledge that significantly enhances agent capabilities for that specific context.
+
+---
+
+## 🤝 Contributing
+
+Community contributions are more than welcome — contribute new modules via [pull requests](https://github.com/usestrix/strix/pulls) or [GitHub issues](https://github.com/usestrix/strix/issues) to help expand the collection and improve extensibility for Strix agents.
+
+---
+
+> [!NOTE]
+> **Work in Progress** - We're actively expanding the prompt module collection with specialized techniques and new categories.
diff --git a/strix/prompts/__init__.py b/strix/prompts/__init__.py
index 2e6682e..28ff8aa 100644
--- a/strix/prompts/__init__.py
+++ b/strix/prompts/__init__.py
@@ -58,7 +58,7 @@ def generate_modules_description() -> str:
modules_str = ", ".join(sorted_modules)
description = (
- f"List of prompt modules to load for this agent (max 3). Available modules: {modules_str}. "
+ f"List of prompt modules to load for this agent (max 5). Available modules: {modules_str}. "
)
example_modules = sorted_modules[:2]
diff --git a/strix/prompts/cloud/.gitkeep b/strix/prompts/cloud/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/strix/prompts/custom/.gitkeep b/strix/prompts/custom/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/strix/prompts/frameworks/.gitkeep b/strix/prompts/frameworks/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/strix/prompts/protocols/.gitkeep b/strix/prompts/protocols/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/strix/prompts/reconnaissance/.gitkeep b/strix/prompts/reconnaissance/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/strix/prompts/technologies/.gitkeep b/strix/prompts/technologies/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/strix/tools/agents_graph/agents_graph_actions.py b/strix/tools/agents_graph/agents_graph_actions.py
index e9a2cb5..3decd89 100644
--- a/strix/tools/agents_graph/agents_graph_actions.py
+++ b/strix/tools/agents_graph/agents_graph_actions.py
@@ -199,11 +199,11 @@ def create_agent(
if prompt_modules:
module_list = [m.strip() for m in prompt_modules.split(",") if m.strip()]
- if len(module_list) > 3:
+ if len(module_list) > 5:
return {
"success": False,
"error": (
- "Cannot specify more than 3 prompt modules for an agent "
+ "Cannot specify more than 5 prompt modules for an agent "
"(use comma-separated format)"
),
"agent_id": None,
diff --git a/strix/tools/agents_graph/agents_graph_actions_schema.xml b/strix/tools/agents_graph/agents_graph_actions_schema.xml
index f9d67a4..9b02e9b 100644
--- a/strix/tools/agents_graph/agents_graph_actions_schema.xml
+++ b/strix/tools/agents_graph/agents_graph_actions_schema.xml
@@ -80,7 +80,7 @@ Only create a new agent if no existing agent is handling the specific task.Whether the new agent should inherit parent's conversation history and context
- Comma-separated list of prompt modules to use for the agent (MAXIMUM 3 modules allowed). Most agents should have at least one module in order to be useful. Agents should be highly specialized - use 1-3 related vulnerability modules only. {{DYNAMIC_MODULES_DESCRIPTION}}
+ Comma-separated list of prompt modules to use for the agent (MAXIMUM 5 modules allowed). Most agents should have at least one module in order to be useful. Agents should be highly specialized - use 1-3 related modules; up to 5 for complex contexts. {{DYNAMIC_MODULES_DESCRIPTION}}
@@ -114,7 +114,7 @@ Only create a new agent if no existing agent is handling the specific task.xss
- # Example of maximum 3 related modules (borderline acceptable)
+ # Example of up to 5 related modules (borderline acceptable)
Test for server-side vulnerabilities including SSRF, XXE, and potential
RCE vectors in file upload and XML processing endpoints.
diff --git a/strix/tools/registry.py b/strix/tools/registry.py
index ab82d60..a12ae2b 100644
--- a/strix/tools/registry.py
+++ b/strix/tools/registry.py
@@ -33,7 +33,7 @@ def _process_dynamic_content(content: str) -> str:
logger.warning("Could not import prompts utilities for dynamic schema generation")
content = content.replace(
"{{DYNAMIC_MODULES_DESCRIPTION}}",
- "List of prompt modules to load for this agent (max 3). Module discovery failed.",
+ "List of prompt modules to load for this agent (max 5). Module discovery failed.",
)
return content