Releases: usestrix/strix
v0.8.2
What's Changed
- chore(deps): bump google-cloud-aiplatform from 1.129.0 to 1.133.0 by @dependabot[bot] in #319
- docs: fix Discord badge expired invite code by @mason5052 in #323
- feat: Expose Caido proxy port for human-in-the-loop by @0xallam in #327
New Contributors
- @mason5052 made their first contribution in #323
Full Changelog: v0.8.1...v0.8.2
v0.8.1
What's Changed
- Resolve LLM API Base and Models by @octovimmer in #317
- Normalize alternative tool call formats by @0xallam in #318
Full Changelog: v0.8.0...v0.8.1
v0.8.0
What's Changed
- chore: upgrade litellm to 1.81.1 for zai provider support by @LegendEvent in #293
- fix(llm): Pass API key and base URL to memory compressor by @0xallam in #296
- chore(deps): bump pypdf from 6.6.0 to 6.6.2 by @dependabot[bot] in #295
- Replace hardcoded git host detection with HTTP protocol probe by @0xallam in #298
- fix: Polish finish_scan report schema by @0xallam in #303
- feat: Add mouse text selection auto-copy to clipboard in TUI by @0xallam in #306
- chore(deps): bump pillow from 11.3.0 to 12.1.1 by @dependabot[bot] in #310
- chore(deps): bump cryptography from 44.0.1 to 46.0.5 by @dependabot[bot] in #307
- chore(deps): bump protobuf from 6.33.4 to 6.33.5 by @dependabot[bot] in #299
- Redesign vulnerability reporting with nested XML code locations and CVSS by @0xallam in #312
- fix: Add explicit UTF-8 encoding to read_text() calls by @TaeBbong in #301
- Improve code_locations for accurate PR suggestions by @0xallam in #314
- Strix LLM Documentation and Config Changes by @octovimmer in #315
- chore(deps): bump pypdf from 6.6.2 to 6.7.1 by @dependabot[bot] in #316
New Contributors
- @LegendEvent made their first contribution in #293
- @TaeBbong made their first contribution in #301
- @octovimmer made their first contribution in #315
Full Changelog: v0.7.0...v0.8.0
v0.7.0
What's Changed
- fix: improve install script PATH handling for more shells by @0xallam in #265
- fix: always show shell restart warning after install by @0xallam in #266
- perf: optimize TUI streaming rendering performance by @0xallam in #267
- fix: strip ANSI codes from Python tool output and optimize highlighting by @0xallam in #268
- fix: remove 'unknown' fallback display in browser tool renderer by @0xallam in #269
- refactor: revamp proxy tool renderers for better UX by @0xallam in #270
- Redesign finished dialogs and UI elements by @0xallam in #272
- feat: remove docker container on shutdown by @0xallam in #273
- Migrate skills from Jinja to Markdown by @0xallam in #275
- Added .env variable override through --config param by @FeedClogger in #274
- fix(llm): collect usage stats from final stream chunk by @0xallam in #276
- docs: add documentation to main repository by @0xallam in #277
- docs: update skills documentation for markdown format by @0xallam in #288
- docs: update configuration documentation by @0xallam in #289
- docs: improve introduction page by @0xallam in #290
- docs: add benchmarks directory by @0xallam in #291
New Contributors
- @FeedClogger made their first contribution in #274
Full Changelog: v0.6.2...v0.7.0
v0.6.2
What's Changed
- fix(tui): suppress stderr output in python renderer by @0xallam in #256
- fix(config): canonicalize LLM env handling by @0xallam in #257
- fix(runtime): parallel tool execution and remove signal handlers by @0xallam in #258
- chore(deps): bump pyasn1 from 0.6.1 to 0.6.2 by @dependabot[bot] in #260
- fix: improve container startup reliability and simplify initialization by @0xallam in #259
- refactor: share single browser instance across all agents by @0xallam in #264
Full Changelog: v0.6.1...v0.6.2
v0.6.1
What's Changed
- fix(agent): fix tool schemas not retrieved on pyinstaller binary and validate tool call args in #250
- fix(agent): use correct agent name in identity instead of class name in #251
- fix(agent): fix agent loop hanging and simplify LLM module in #252
- chore(prompt): remove stop words and enforce single tool call per message in #253
- chore(prompt): reduce literal \n in tool parameters in #254
Full Changelog: v0.6.0...v0.6.1
v0.6.0
🚀 Strix v0.6.0 — Stronger Reasoning, Cleaner Findings, Better UX
Changelog
Strix v0.6.0 strengthens reasoning performance, improves how vulnerabilities are grouped and reported, and adds a series of quality-of-life upgrades across reporting, configuration, TUI, and container workflows.
Stronger Reasoning & Control
This release improves how Strix works with advanced reasoning models:
- Thinking blocks are preserved and chained across steps, so agents can reuse prior reasoning instead of re-deriving context every time
- Improved internal traces give agents better continuity across multi-step investigations and exploit chains
- New STRIX_REASONING_EFFORT environment variable lets you control:
  - Depth and thoroughness of reasoning
  - Latency vs quality tradeoffs (e.g., fast CI runs vs deep manual assessments)
More Granular Vulnerability Reporting
Vulnerability reporting has been expanded to better match real-world pentest and security review workflows:
- More structured and detailed fields per vulnerability
- Clearer separation of description, impact, evidence, and remediation
- Outputs that map more naturally into tickets, internal tracking, and formal reports
This reduces the amount of manual editing needed to go from Strix output to something you can hand to engineering or auditors.
LLM-Based Vulnerability Deduplication
Strix now includes LLM-based deduplication for vulnerability findings:
- Detects semantically similar or equivalent issues
- Merges duplicates into a single canonical finding
- Reduces noisy, repetitive entries in the final report
Live Vulnerabilities Panel
A dedicated live vulnerabilities panel has been added:
- Always-visible vulnerabilities list during a run
- Quick navigation across all known findings and their reports
- Fast drill-down into specific vulnerabilities directly from the TUI
This is especially useful for interactive sessions and long-running scans where you want to monitor findings as they are reported.
Refined Interactive TUI
The interactive TUI has been upgraded to provide better insight into agent behavior:
- Updated layout and improved visual styling
- Streaming output so you can follow agent activity in real time
- Terminal tool output rendering to show exactly what commands and tools are being run
- Dedicated dialogs for viewing vulnerability details without leaving context
You get a clearer view of what Strix is doing at each step, which makes debugging and supervision much easier.
Persistent Configuration
Strix now includes a centralized configuration system:
- Settings are auto-saved to ~/.strix/cli-config.json
- Your CLI preferences persist across sessions
This reduces repeated environment setup and makes Strix feel more consistent run-to-run.
Better Local & Container Workflows
Improvements for local and containerized environments:
- Containers can now reach localhost targets more easily, improving local testing setups
- Added timeout handling for Docker operations to prevent indefinite hangs
These changes improve reliability in CI/CD pipelines and Docker-based deployments.
Fixes & Improvements
- Fixed RuntimeError: dictionary changed size during iteration by using stable list-based iteration
- Improved handling of string results in tool renderers
- Removed the deprecated --run-name CLI argument
- General polish and stability improvements across the TUI and runtime
Try out the latest version:
curl -sSL https://strix.ai/install | bash
# or
pipx install strix-agent
Strix Agent v0.5.0
🚀 Strix v0.5.0 — Scan Modes, Agent Todo tool & Standalone Binary Installation
Changelog
Strix v0.5.0 introduces a dedicated todo tool for agent task tracking, configurable scan modes for everything from CI to deep assessments, rich syntax highlighting with markdown rendering, and a new standalone binary so you can run Strix without Python or pipx.
🔥 Features
✅ Agent Todo Tool for Focused, Faster Agents
Agents now have a todo system they can use to:
- Break down complex engagements into concrete steps
- Keep an explicit backlog of what to do next
- Mark tasks as done or pending as they go
- Refine and reprioritize tasks mid-scan
This gives agents a memory of their plan, reduces looping and re-discovery of the same work, and helps them converge on meaningful findings faster - especially in long-running or multi-target assessments.
🕵️ Scan Modes (--scan-mode)
New --scan-mode option lets you dial in depth and speed:
- quick
  Optimized for CI/CD. Focuses on:
  - Recent changes (git diffs / PRs)
  - High-impact vulnerabilities only
  Ideal for fast feedback in pipelines.
- standard
  Balanced, systematic methodology:
  - Covers the full attack surface
  - Good default for standard checks
- deep (now the default)
  Exhaustive testing powered by the hierarchical agent swarm:
  - More aggressive enumeration
  - Multi-step exploit chains
  - Best for thorough reviews and complex targets
🎨 Syntax Highlighting & Markdown Rendering
Agent tools are now much easier to read:
- Syntax highlighting in the TUI for tool renderers and agent output (Python, JavaScript, and more)
- Markdown rendering for agent messages:
  - Headings, lists, code blocks
  - Cleaner vulnerability reports and PoCs
This makes both interactive sessions and logs significantly more readable.
📦 Standalone Binary via PyInstaller
Strix now ships as a standalone binary:
- No system Python required
- No pipx needed
Install and update Strix on Linux, macOS, and Windows with:
curl -sSL https://strix.ai/install | bash
You can still install via pipx if you prefer, but the binary makes it trivial to drop Strix into constrained environments, containers, or CI runners.
🛠️ Fixes & Improvements
- Added unified API key support across providers
- Added support for Vertex AI models via google-cloud-aiplatform
- Added STRIX_DISABLE_IMAGES flag to better support non-vision models
- Filtered out image_url content when using non-vision models
- Added timeout to sandbox tool execution to prevent indefinite hangs
- Fixed crash when handling very long text instructions
- Improved TUI with syntax highlighting for tool renderers and markdown agent messages
- Added unit tests for the argument parser
- Updated GitHub Actions checkout action version
- Dependency bumps for fonttools, cryptography, urllib3, and more
Try out the latest version:
pipx install strix-agent
# or
curl -sSL https://strix.ai/install | bash
👉 Join the Discord
⭐ Star us on GitHub
New Contributors
- @Vincent550102 made their first contribution in #169
- @Jeong-Ryeol made their first contribution in #157
- @K0IN made their first contribution in #189
- @RMartires made their first contribution in #188
Full Changelog: v0.4.0...v0.5.0
Strix Agent v0.4.0
🚀 Strix v0.4.0 - Live Stats Panel, Persistent Reports & IP Scans
Changelog
Strix v0.4.0 adds file-based instructions for richer pentest configs, real-time persistence for findings, a live stats panel in both CLI and TUI, new prompt modules, better rate-limit handling, and IP address scanning support.
🔥 Features
📊 Live Agent Stats Panel
New interactive stats panel in both TUI and CLI shows:
- Vulnerabilities found so far
- Tokens used
- Cost estimates
- Active agents/tools
(Shoutout to @AlexanderDeBattista #134)
💾 Real-Time Results Persistence
Every finding is now written to disk as it’s discovered, so reports survive crashes, bad exits, or terminal issues. One of the most requested features. 🙌
📁 File-Based Instructions (--instruction)
Define detailed pentest instructions in a file instead of a single CLI string – perfect for longer scopes, rules of engagement, and target notes.
🚦 Fixes Excessive Rate-Limit Issues
Improved handling for lower LLM rate limits (especially Anthropic), reducing throttling errors and flaky runs. (Shoutout to @SellMeFish)
🧩 New Prompt Modules
Added prompt modules to the collection for:
- Open Redirect
- Subdomain Takeover
- Info Disclosure
(Shoutout to @Trusthoodies #132)
🌐 IP Address Scanning
You can now scan raw IP addresses directly, making it easier to test services that aren’t fronted by hostnames.
🛠️ Fixes & Improvements
- More robust handling of long-running scans
- Minor UX and CLI polish
Try out the latest version: pipx install strix-agent
Strix Agent v0.3.1
🚀 Strix v0.3.1 — Headless Mode, Multi‑Target Scans & More
Changelog
Strix v0.3.1 introduces headless CLI mode for seamless automation, multi-target scanning for full-stack assessments, and improved visibility into scan results with per-severity breakdowns and agent iteration guidance. This release also includes stability improvements and raises the default iteration limit to support deeper scans and more advanced workflows.
🔥 Features
🧠 Headless CLI Mode (--non-interactive)
Run Strix without the REPL — perfect for automation, scripting, and CI/CD workflows.
Prints real-time findings and exits with a non-zero code if vulnerabilities are found.
⚙️ GitHub Actions / CI Integration
Strix can now be used directly in automation pipelines to block vulnerable code from merging.
Add it to your CI with a simple GitHub Actions workflow that fails the build if vulnerabilities are found.
🌐 Multi‑Target Scanning
Scan multiple targets in one run — repos, deployed URLs, APIs, etc.
Useful for:
- White-box + black-box in one scan
- Dev/staging/prod comparisons
- Full-stack and cross-component analysis
📊 Per‑Severity Vulnerability Counts
Completion panel now includes a color-coded summary of findings by severity.
⚠️ Agent Iteration Limit Warnings
Strix now sends internal warning messages to agents when they're nearing the configured iteration limit — nudging them to wrap up gracefully. This improves agent reliability, avoids abrupt stops, and helps ensure cleaner scan completion.
🔁 Increased Agent Iteration Limit
The default max_iterations is now set to 300, allowing agents to run deeper and cover more complex targets without early termination. Enables longer-running assessments and more thorough exploration of large apps or multi-component environments.
🛠️ Fixes & Improvements
- General stability improvements
- Minor CLI polish
Try out the latest version: pipx install strix-agent