strix/pyproject.toml

[tool.poetry]
name = "strix-agent"
version = "0.3.3"
description = "Open-source AI Hackers for your apps"
authors = ["Strix <hi@usestrix.com>"]
readme = "README.md"
license = "Apache-2.0"
keywords = [
  "cybersecurity",
  "security",
  "vulnerability",
  "scanner",
  "pentest",
  "agent",
  "ai",
  "cli",
]
classifiers = [
  "Development Status :: 3 - Alpha",
  "Intended Audience :: Information Technology",
  "Intended Audience :: System Administrators",
  "Topic :: Security",
  "License :: OSI Approved :: Apache Software License",
  "Environment :: Console",
  "Programming Language :: Python",
  "Programming Language :: Python :: 3",
  "Programming Language :: Python :: 3 :: Only",
  "Programming Language :: Python :: 3.12",
]
packages = [
  { include = "strix", format = ["sdist", "wheel"] }
]
include = [
  "LICENSE",
  "README.md",
  "strix/**/*.jinja",
  "strix/**/*.xml",
  "strix/**/*.tcss"
]

[tool.poetry.scripts]
strix = "strix.interface.main:main"

[tool.poetry.dependencies]
python = "^3.12"
fastapi = "*"
uvicorn = "*"
litellm = { version = "~1.79.1", extras = ["proxy"] }
openai = ">=1.99.5,<1.100.0"
tenacity = "^9.0.0"
numpydoc = "^1.8.0"
pydantic = {extras = ["email"], version = "^2.11.3"}
ipython = "^9.3.0"
openhands-aci = "^0.3.0"
playwright = "^1.48.0"
rich = "*"
docker = "^7.1.0"
gql = {extras = ["requests"], version = "^3.5.3"}
textual = "^4.0.0"
xmltodict = "^0.13.0"
pyte = "^0.8.1"
requests = "^2.32.0"
libtmux = "^0.46.2"

[tool.poetry.group.dev.dependencies]
# Type checking and static analysis
mypy = "^1.16.0"
ruff = "^0.11.13"
pyright = "^1.1.401"
pylint = "^3.3.7"
bandit = "^1.8.3"

# Testing
pytest = "^8.4.0"
pytest-asyncio = "^1.0.0"
pytest-cov = "^6.1.1"
pytest-mock = "^3.14.1"

# Development tools
pre-commit = "^4.2.0"
black = "^25.1.0"
isort = "^6.0.1"

[build-system]
requires = ["poetry-core"]
build-backend = "poetry.core.masonry.api"

# ============================================================================
# Type Checking Configuration
# ============================================================================

[tool.mypy]
python_version = "3.12"
strict = true
strict_optional = true
warn_redundant_casts = true
warn_unused_ignores = true
warn_return_any = true
warn_unreachable = true
disallow_untyped_defs = true
disallow_any_generics = true
disallow_subclassing_any = true
disallow_untyped_calls = true
disallow_incomplete_defs = true
check_untyped_defs = true
disallow_untyped_decorators = true
no_implicit_optional = true
warn_unused_configs = true
show_error_codes = true
show_column_numbers = true
pretty = true

# Allow some flexibility for third-party libraries
[[tool.mypy.overrides]]
module = [
    "litellm.*",
    "tenacity.*",
    "numpydoc.*",
    "rich.*",
    "IPython.*",
    "openhands_aci.*",
    "playwright.*",
    "uvicorn.*",
    "jinja2.*",
    "pydantic_settings.*",
    "jwt.*",
    "httpx.*",
    "gql.*",
    "textual.*",
    "pyte.*",
    "libtmux.*",
]
ignore_missing_imports = true

# ============================================================================
# Ruff Configuration (Fast Python Linter & Formatter)
# ============================================================================

[tool.ruff]
target-version = "py312"
line-length = 100
extend-exclude = [
    ".git",
    ".mypy_cache",
    ".pytest_cache",
    ".ruff_cache",
    "__pycache__",
    "build",
    "dist",
    "migrations",
]

[tool.ruff.lint]
# Enable comprehensive rule sets
select = [
    "E",   # pycodestyle errors
    "W",   # pycodestyle warnings
    "F",   # Pyflakes
    "I",   # isort
    "N",   # pep8-naming
    "UP",  # pyupgrade
    "YTT", # flake8-2020
    "S",   # flake8-bandit
    "BLE", # flake8-blind-except
    "FBT", # flake8-boolean-trap
    "B",   # flake8-bugbear
    "A",   # flake8-builtins
    "COM", # flake8-commas
    "C4",  # flake8-comprehensions
    "DTZ", # flake8-datetimez
    "T10", # flake8-debugger
    "EM",  # flake8-errmsg
    "FA",  # flake8-future-annotations
    "ISC", # flake8-implicit-str-concat
    "ICN", # flake8-import-conventions
    "G",   # flake8-logging-format
    "INP", # flake8-no-pep420
    "PIE", # flake8-pie
    "T20", # flake8-print
    "PYI", # flake8-pyi
    "PT",  # flake8-pytest-style
    "Q",   # flake8-quotes
    "RSE", # flake8-raise
    "RET", # flake8-return
    "SLF", # flake8-self
    "SIM", # flake8-simplify
    "TID", # flake8-tidy-imports
    "TCH", # flake8-type-checking
    "ARG", # flake8-unused-arguments
    "PTH", # flake8-use-pathlib
    "ERA", # eradicate
    "PD",  # pandas-vet
    "PGH", # pygrep-hooks
    "PL",  # Pylint
    "TRY", # tryceratops
    "FLY", # flynt
    "PERF", # Perflint
    "RUF", # Ruff-specific rules
]

ignore = [
    "S101",   # Use of assert
    "S104",   # Possible binding to all interfaces
    "S301",   # Use of pickle
    "COM812", # Missing trailing comma (handled by formatter)
    "ISC001", # Single line implicit string concatenation (handled by formatter)
    "PLR0913", # Too many arguments to function call
    "TRY003",  # Avoid specifying long messages outside the exception class
    "EM101",   # Exception must not use a string literal
    "EM102",   # Exception must not use an f-string literal
    "FBT001",  # Boolean positional arg in function definition
    "FBT002",  # Boolean default positional argument in function definition
    "G004",    # Logging statement uses f-string
    "PLR2004", # Magic value used in comparison
    "SLF001",  # Private member accessed
]

[tool.ruff.lint.per-file-ignores]
"tests/**/*.py" = [
    "S106",   # Possible hardcoded password
    "S108",   # Possible insecure usage of temporary file/directory
    "ARG001", # Unused function argument
    "PLR2004", # Magic value used in comparison
]
"strix/tools/**/*.py" = [
    "ARG001", # Unused function argument (tools may have unused args for interface consistency)
]

[tool.ruff.lint.isort]
force-single-line = false
lines-after-imports = 2
known-first-party = ["strix"]
known-third-party = ["fastapi", "pydantic"]

[tool.ruff.lint.pylint]
max-args = 8

[tool.ruff.format]
quote-style = "double"
indent-style = "space"
skip-magic-trailing-comma = false
line-ending = "auto"

# ============================================================================
# PyRight Configuration (Alternative type checker)
# ============================================================================

[tool.pyright]
include = ["strix"]
exclude = ["**/__pycache__", "build", "dist"]
pythonVersion = "3.12"
pythonPlatform = "Linux"

typeCheckingMode = "strict"
reportMissingImports = true
reportMissingTypeStubs = false
reportGeneralTypeIssues = true
reportPropertyTypeMismatch = true
reportFunctionMemberAccess = true
reportMissingParameterType = true
reportMissingTypeArgument = true
reportIncompatibleMethodOverride = true
reportIncompatibleVariableOverride = true
reportInconsistentConstructor = true
reportOverlappingOverload = true
reportConstantRedefinition = true
reportImportCycles = true
reportUnusedImport = true
reportUnusedClass = true
reportUnusedFunction = true
reportUnusedVariable = true
reportDuplicateImport = true

# ============================================================================
# Black Configuration (Code Formatter)
# ============================================================================

[tool.black]
line-length = 100
target-version = ['py312']
include = '\\.pyi?$'
extend-exclude = '''
/(
  # directories
  \.eggs
  | \.git
  | \.hg
  | \.mypy_cache
  | \.tox
  | \.venv
  | build
  | dist
)/
'''

# ============================================================================
# isort Configuration (Import Sorting)
# ============================================================================

[tool.isort]
profile = "black"
line_length = 100
multi_line_output = 3
include_trailing_comma = true
force_grid_wrap = 0
use_parentheses = true
ensure_newline_before_comments = true
known_first_party = ["strix"]
known_third_party = ["fastapi", "pydantic", "litellm", "tenacity"]

# ============================================================================
# Pytest Configuration
# ============================================================================

[tool.pytest.ini_options]
minversion = "6.0"
addopts = [
    "--strict-markers",
    "--strict-config",
    "--cov=strix",
    "--cov-report=term-missing",
    "--cov-report=html",
    "--cov-report=xml",
    "--cov-fail-under=80"
]
testpaths = ["tests"]
python_files = ["test_*.py", "*_test.py"]
python_functions = ["test_*"]
python_classes = ["Test*"]
asyncio_mode = "auto"

[tool.coverage.run]
source = ["strix"]
omit = [
    "*/tests/*",
    "*/migrations/*",
    "*/__pycache__/*"
]

[tool.coverage.report]
exclude_lines = [
    "pragma: no cover",
    "def __repr__",
    "if self.debug:",
    "if settings.DEBUG",
    "raise AssertionError",
    "raise NotImplementedError",
    "if 0:",
    "if __name__ == .__main__.:",
    "class .*\\bProtocol\\):",
    "@(abc\\.)?abstractmethod",
]

# ============================================================================
# Bandit Configuration (Security Linting)
# ============================================================================

[tool.bandit]
exclude_dirs = ["tests", "docs", "build", "dist"]
skips = ["B101", "B601", "B404", "B603", "B607"]  # Skip assert, shell injection, subprocess import and partial path checks
severity = "medium"