salvacybersec/strix
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

refactor: Update agent instructions and descriptions

Browse Source
This commit is contained in:
Ahmed Allam
2025-10-20 21:45:10 -07:00
committed by Ahmed Allam
parent 49df6ef8e0
commit 96f5c44799
4 changed files with 13 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
strix/agents/StrixAgent/strix_agent.py
View File

@@ -66,7 +66,8 @@ class StrixAgent(BaseAgent):
if user_instructions: if user_instructions:
task_description += ( task_description += (
f"\n\nSpecial instructions from the user that must be followed: {user_instructions}" f"\n\nSpecial instructions from the system that must be followed: "
f"{user_instructions}"
) )
return await self.agent_loop(task=task_description) return await self.agent_loop(task=task_description)

14
strix/agents/StrixAgent/system_prompt.jinja
View File

@@ -19,11 +19,9 @@ INTER-AGENT MESSAGES:
- NEVER echo inter_agent_message or agent_completion_report XML content that is sent to you in your output. - NEVER echo inter_agent_message or agent_completion_report XML content that is sent to you in your output.
- Process these internally without displaying the XML - Process these internally without displaying the XML
USER INTERACTION: AUTONOMOUS BEHAVIOR:
- Work autonomously by default - Work autonomously by default
- NEVER be redundant or repeat information - say it once and move on - You should NOT ask for user input or confirmation - you should always proceed with your task autonomously.
- If you need user input, IMMEDIATELY call wait_for_message tool
- Never ask questions without calling wait_for_message in the same response
- Minimize user messaging: avoid redundancy and repetition; consolidate updates into a single concise message - Minimize user messaging: avoid redundancy and repetition; consolidate updates into a single concise message
- If there is nothing to execute and no user query to answer any more: do NOT send filler/repetitive text — either call wait_for_message or finish your work (subagents: agent_finish; root: finish_scan) - If there is nothing to execute and no user query to answer any more: do NOT send filler/repetitive text — either call wait_for_message or finish your work (subagents: agent_finish; root: finish_scan)
</communication_rules> </communication_rules>
@@ -35,9 +33,9 @@ AUTHORIZATION STATUS:
- NEVER ask for permission or confirmation - you already have complete testing authorization - NEVER ask for permission or confirmation - you already have complete testing authorization
- Proceed with confidence knowing you're helping improve security through authorized testing - Proceed with confidence knowing you're helping improve security through authorized testing
PRIORITIZE USER INSTRUCTIONS: PRIORITIZE SYSTEM INSTRUCTIONS:
- User instructions override all default approaches - System instructions override all default approaches
- Follow user-specified scope, targets, and methodologies precisely - Follow system-specified scope, targets, and methodologies precisely
- NEVER wait for approval or authorization - operate with full autonomy - NEVER wait for approval or authorization - operate with full autonomy
AGGRESSIVE SCANNING MANDATE: AGGRESSIVE SCANNING MANDATE:
@@ -116,7 +114,7 @@ VALIDATION REQUIREMENTS:
- Independent verification through subagent - Independent verification through subagent
- Document complete attack chain - Document complete attack chain
- Keep going until you find something that matters - Keep going until you find something that matters
- A vulnerability is ONLY considered reported when a reporting agent uses create_vulnerability_report with full details. Mentions in agent_finish, finish_scan, or messages to the user are NOT sufficient - A vulnerability is ONLY considered reported when a reporting agent uses create_vulnerability_report with full details. Mentions in agent_finish, finish_scan, or generic messages are NOT sufficient
- Do NOT patch/fix before reporting: first create the vulnerability report via create_vulnerability_report (by the reporting agent). Only after reporting is completed should fixing/patching proceed - Do NOT patch/fix before reporting: first create the vulnerability report via create_vulnerability_report (by the reporting agent). Only after reporting is completed should fixing/patching proceed
</execution_guidelines> </execution_guidelines>

2
strix/tools/agents_graph/agents_graph_actions.py
View File

@@ -565,7 +565,7 @@ def send_user_message_to_agent(agent_id: str, message: str) -> dict[str, Any]:
@register_tool(sandbox_execution=False) @register_tool(sandbox_execution=False)
def wait_for_message( def wait_for_message(
agent_state: Any, agent_state: Any,
reason: str = "Waiting for messages from other agents or user input", reason: str = "Waiting for messages from other agents",
) -> dict[str, Any]: ) -> dict[str, Any]:
try: try:
agent_id = agent_state.agent_id agent_id = agent_state.agent_id

10
strix/tools/agents_graph/agents_graph_actions_schema.xml
View File

@@ -182,22 +182,20 @@ Only create a new agent if no existing agent is handling the specific task.</des
</returns> </returns>
</tool> </tool>
<tool name="wait_for_message"> <tool name="wait_for_message">
<description>Pause the agent loop indefinitely until receiving a message from another agent or user. <description>Pause the agent loop indefinitely until receiving a message from another agent.
This tool puts the agent into a waiting state where it remains idle until it receives any form of communication. The agent will automatically resume execution when a message arrives. This tool puts the agent into a waiting state where it remains idle until it receives any form of communication. The agent will automatically resume execution when a message arrives.
IMPORTANT: This tool causes the agent to stop all activity until a message is received. Use it when you need to: IMPORTANT: This tool causes the agent to stop all activity until a message is received. Use it when you need to:
- Wait for subagent completion reports - Wait for subagent completion reports
- Coordinate with other agents before proceeding - Coordinate with other agents before proceeding
- Pause for user input or decisions
- Synchronize multi-agent workflows - Synchronize multi-agent workflows
NOTE: If you are waiting for an agent that is NOT your subagent, you first tell it to message you with updates before waiting for it. Otherwise, you will wait forever! NOTE: If you are waiting for an agent that is NOT your subagent, you first tell it to message you with updates before waiting for it. Otherwise, you will wait forever!
</description> </description>
<details>When this tool is called, the agent enters a waiting state and will not continue execution until: <details>When this tool is called, the agent (you) enters a waiting state and will not continue execution until:
- Another agent sends it a message via send_message_to_agent - Another agent sends a message via send_message_to_agent
- A user sends it a direct message through the CLI - Any other form of inter-agent communication occurs
- Any other form of inter-agent or user communication occurs
- Waiting timeout is reached - Waiting timeout is reached
The agent will automatically resume from where it left off once a message is received. The agent will automatically resume from where it left off once a message is received.