Open-source release for Alpha version

2025-08-08 20:36:44 -07:00
commit 81ac98e8b9
105 changed files with 22125 additions and 0 deletions
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -0,0 +1,358 @@
+[tool.poetry]
+name = "strix-agent"
+version = "0.1.4"
+description = "Open-source AI Hackers for your apps"
+authors = ["Strix <hi@usestrix.com>"]
+readme = "README.md"
+license = "Apache-2.0"
+keywords = [
+  "cybersecurity",
+  "security",
+  "vulnerability",
+  "scanner",
+  "pentest",
+  "agent",
+  "ai",
+  "cli",
+]
+classifiers = [
+  "Development Status :: 3 - Alpha",
+  "Intended Audience :: Information Technology",
+  "Intended Audience :: System Administrators",
+  "Topic :: Security",
+  "License :: OSI Approved :: Apache Software License",
+  "Environment :: Console",
+  "Programming Language :: Python",
+  "Programming Language :: Python :: 3",
+  "Programming Language :: Python :: 3 :: Only",
+  "Programming Language :: Python :: 3.12",
+]
+packages = [
+  { include = "strix" }
+]
+include = [
+  "LICENSE",
+  "README.md",
+  "strix/**/*.jinja",
+  "strix/**/*.xml",
+  "strix/**/*.tcss"
+]
+
+[tool.poetry.scripts]
+strix = "strix.cli.main:main"
+
+[tool.poetry.dependencies]
+python = "^3.12"
+fastapi = "*"
+uvicorn = "*"
+litellm = {extras = ["proxy"], version = "^1.72.1"}
+tenacity = "^9.0.0"
+numpydoc = "^1.8.0"
+pydantic = {extras = ["email"], version = "^2.11.3"}
+ipython = "^9.3.0"
+openhands-aci = "^0.3.0"
+playwright = "^1.48.0"
+rich = "*"
+docker = "^7.1.0"
+gql = {extras = ["requests"], version = "^3.5.3"}
+textual = "^4.0.0"
+xmltodict = "^0.13.0"
+pyte = "^0.8.1"
+requests = "^2.32.0"
+
+[tool.poetry.group.dev.dependencies]
+# Type checking and static analysis
+mypy = "^1.16.0"
+ruff = "^0.11.13"
+pyright = "^1.1.401"
+pylint = "^3.3.7"
+bandit = "^1.8.3"
+
+# Testing
+pytest = "^8.4.0"
+pytest-asyncio = "^1.0.0"
+pytest-cov = "^6.1.1"
+pytest-mock = "^3.14.1"
+
+# Development tools
+pre-commit = "^4.2.0"
+black = "^25.1.0"
+isort = "^6.0.1"
+
+[build-system]
+requires = ["poetry-core"]
+build-backend = "poetry.core.masonry.api"
+
+# ============================================================================
+# Type Checking Configuration
+# ============================================================================
+
+[tool.mypy]
+python_version = "3.12"
+strict = true
+strict_optional = true
+warn_redundant_casts = true
+warn_unused_ignores = true
+warn_return_any = true
+warn_unreachable = true
+disallow_untyped_defs = true
+disallow_any_generics = true
+disallow_subclassing_any = true
+disallow_untyped_calls = true
+disallow_incomplete_defs = true
+check_untyped_defs = true
+disallow_untyped_decorators = true
+no_implicit_optional = true
+warn_unused_configs = true
+show_error_codes = true
+show_column_numbers = true
+pretty = true
+
+# Allow some flexibility for third-party libraries
+[[tool.mypy.overrides]]
+module = [
+    "litellm.*",
+    "tenacity.*",
+    "numpydoc.*",
+    "rich.*",
+    "IPython.*",
+    "openhands_aci.*",
+    "playwright.*",
+    "uvicorn.*",
+    "jinja2.*",
+    "pydantic_settings.*",
+    "jwt.*",
+    "httpx.*",
+    "gql.*",
+    "textual.*",
+    "pyte.*",
+]
+ignore_missing_imports = true
+
+# ============================================================================
+# Ruff Configuration (Fast Python Linter & Formatter)
+# ============================================================================
+
+[tool.ruff]
+target-version = "py312"
+line-length = 100
+extend-exclude = [
+    ".git",
+    ".mypy_cache",
+    ".pytest_cache",
+    ".ruff_cache",
+    "__pycache__",
+    "build",
+    "dist",
+    "migrations",
+]
+
+[tool.ruff.lint]
+# Enable comprehensive rule sets
+select = [
+    "E",   # pycodestyle errors
+    "W",   # pycodestyle warnings
+    "F",   # Pyflakes
+    "I",   # isort
+    "N",   # pep8-naming
+    "UP",  # pyupgrade
+    "YTT", # flake8-2020
+    "S",   # flake8-bandit
+    "BLE", # flake8-blind-except
+    "FBT", # flake8-boolean-trap
+    "B",   # flake8-bugbear
+    "A",   # flake8-builtins
+    "COM", # flake8-commas
+    "C4",  # flake8-comprehensions
+    "DTZ", # flake8-datetimez
+    "T10", # flake8-debugger
+    "EM",  # flake8-errmsg
+    "FA",  # flake8-future-annotations
+    "ISC", # flake8-implicit-str-concat
+    "ICN", # flake8-import-conventions
+    "G",   # flake8-logging-format
+    "INP", # flake8-no-pep420
+    "PIE", # flake8-pie
+    "T20", # flake8-print
+    "PYI", # flake8-pyi
+    "PT",  # flake8-pytest-style
+    "Q",   # flake8-quotes
+    "RSE", # flake8-raise
+    "RET", # flake8-return
+    "SLF", # flake8-self
+    "SIM", # flake8-simplify
+    "TID", # flake8-tidy-imports
+    "TCH", # flake8-type-checking
+    "ARG", # flake8-unused-arguments
+    "PTH", # flake8-use-pathlib
+    "ERA", # eradicate
+    "PD",  # pandas-vet
+    "PGH", # pygrep-hooks
+    "PL",  # Pylint
+    "TRY", # tryceratops
+    "FLY", # flynt
+    "PERF", # Perflint
+    "RUF", # Ruff-specific rules
+]
+
+ignore = [
+    "S101",   # Use of assert
+    "S104",   # Possible binding to all interfaces
+    "S301",   # Use of pickle
+    "COM812", # Missing trailing comma (handled by formatter)
+    "ISC001", # Single line implicit string concatenation (handled by formatter)
+    "PLR0913", # Too many arguments to function call
+    "TRY003",  # Avoid specifying long messages outside the exception class
+    "EM101",   # Exception must not use a string literal
+    "EM102",   # Exception must not use an f-string literal
+    "FBT001",  # Boolean positional arg in function definition
+    "FBT002",  # Boolean default positional argument in function definition
+    "G004",    # Logging statement uses f-string
+    "PLR2004", # Magic value used in comparison
+    "SLF001",  # Private member accessed
+]
+
+[tool.ruff.lint.per-file-ignores]
+"tests/**/*.py" = [
+    "S106",   # Possible hardcoded password
+    "S108",   # Possible insecure usage of temporary file/directory
+    "ARG001", # Unused function argument
+    "PLR2004", # Magic value used in comparison
+]
+"strix/tools/**/*.py" = [
+    "ARG001", # Unused function argument (tools may have unused args for interface consistency)
+]
+
+[tool.ruff.lint.isort]
+force-single-line = false
+lines-after-imports = 2
+known-first-party = ["strix"]
+known-third-party = ["fastapi", "pydantic"]
+
+[tool.ruff.lint.pylint]
+max-args = 8
+
+[tool.ruff.format]
+quote-style = "double"
+indent-style = "space"
+skip-magic-trailing-comma = false
+line-ending = "auto"
+
+# ============================================================================
+# PyRight Configuration (Alternative type checker)
+# ============================================================================
+
+[tool.pyright]
+include = ["strix"]
+exclude = ["**/__pycache__", "build", "dist"]
+pythonVersion = "3.12"
+pythonPlatform = "Linux"
+
+typeCheckingMode = "strict"
+reportMissingImports = true
+reportMissingTypeStubs = false
+reportGeneralTypeIssues = true
+reportPropertyTypeMismatch = true
+reportFunctionMemberAccess = true
+reportMissingParameterType = true
+reportMissingTypeArgument = true
+reportIncompatibleMethodOverride = true
+reportIncompatibleVariableOverride = true
+reportInconsistentConstructor = true
+reportOverlappingOverload = true
+reportConstantRedefinition = true
+reportImportCycles = true
+reportUnusedImport = true
+reportUnusedClass = true
+reportUnusedFunction = true
+reportUnusedVariable = true
+reportDuplicateImport = true
+
+# ============================================================================
+# Black Configuration (Code Formatter)
+# ============================================================================
+
+[tool.black]
+line-length = 100
+target-version = ['py312']
+include = '\\.pyi?$'
+extend-exclude = '''
+/(
+  # directories
+  \.eggs
+  | \.git
+  | \.hg
+  | \.mypy_cache
+  | \.tox
+  | \.venv
+  | build
+  | dist
+)/
+'''
+
+# ============================================================================
+# isort Configuration (Import Sorting)
+# ============================================================================
+
+[tool.isort]
+profile = "black"
+line_length = 100
+multi_line_output = 3
+include_trailing_comma = true
+force_grid_wrap = 0
+use_parentheses = true
+ensure_newline_before_comments = true
+known_first_party = ["strix"]
+known_third_party = ["fastapi", "pydantic", "litellm", "tenacity"]
+
+# ============================================================================
+# Pytest Configuration
+# ============================================================================
+
+[tool.pytest.ini_options]
+minversion = "6.0"
+addopts = [
+    "--strict-markers",
+    "--strict-config",
+    "--cov=strix",
+    "--cov-report=term-missing",
+    "--cov-report=html",
+    "--cov-report=xml",
+    "--cov-fail-under=80"
+]
+testpaths = ["tests"]
+python_files = ["test_*.py", "*_test.py"]
+python_functions = ["test_*"]
+python_classes = ["Test*"]
+asyncio_mode = "auto"
+
+[tool.coverage.run]
+source = ["strix"]
+omit = [
+    "*/tests/*",
+    "*/migrations/*",
+    "*/__pycache__/*"
+]
+
+[tool.coverage.report]
+exclude_lines = [
+    "pragma: no cover",
+    "def __repr__",
+    "if self.debug:",
+    "if settings.DEBUG",
+    "raise AssertionError",
+    "raise NotImplementedError",
+    "if 0:",
+    "if __name__ == .__main__.:",
+    "class .*\\bProtocol\\):",
+    "@(abc\\.)?abstractmethod",
+]
+
+# ============================================================================
+# Bandit Configuration (Security Linting)
+# ============================================================================
+
+[tool.bandit]
+exclude_dirs = ["tests", "docs", "build", "dist"]
+skips = ["B101", "B601", "B404", "B603", "B607"]  # Skip assert, shell injection, subprocess import and partial path checks
+severity = "medium"