Skip to content

Releases: usestrix/strix

v1.1.0

Choose a tag to compare

@github-actions github-actions released this 14 Jul 11:47
91d9a84

Strix v1.1.0

First release since v1.0.4. Highlights below (~56 merged PRs).

New security skills

  • Weak-password detection skill (#621, #654)
  • LLM prompt-injection skill (#616)
  • GCP and Auth0 reconnaissance skills
  • Five new skills: OAuth, AWS, prototype pollution, deserialization, Django (#617)
  • Skill-directory registration (#746)

SARIF / CI integration

  • SARIF 2.1.0 emitter for GitHub code-scanning / ASPM ingestion (#626)
  • STRIDE tagging of SARIF rules derived from CWE (#708)
  • Omit SARIF version-control provenance for multi-repo scans (#726)

Dependency / SCA reporting

  • New dependency reporting fields (#751)
  • Require advisory_cvss for dependency findings + SCA TUI renderer (#753)

Cost & scope controls

  • Configurable token / cost usage limits, --max-budget-usd (#576)
  • Bind-mount option for large target repos (#577)
  • --target list-file CLI option (#711)

LLM / provider

  • Use core LiteLLM dependency (#752); cap openai<2.45 + litellm[proxy] so fresh installs run (#748)
  • force_required_tool_choice setting (#730) and routed OpenAI required tool choice (#732)
  • Scan-agent tool registration (#733); root scan prompt options (#750)
  • Attribute OpenRouter usage to the Strix app (#760)
  • Warn when the configured LLM is not a recommended/frontier model (#586)
  • Route ollama models through ollama_chat so tool calling works (#562)
  • Report cost for streamed OpenRouter calls (#634)

Reliability / fixes

  • Default sandbox exec commands to Bash so source works (#764)
  • Provider import-error hints for Bedrock/Vertex, full exception-chain walk (#588)
  • Env vars win over persisted JSON across all aliases (#689)
  • Graceful stop with resume hint on persistent RateLimitError (#593)
  • Collapse child-agent initial input into a single user message (#589)
  • Atomic CSV/MD writes to prevent corruption on crash (#628, #631); csv_path indentation (#637); avoid note-ID collisions (#630)
  • Swallow torn-down docker socket on sandbox delete (#721); Caido HTTPS scheme (#722) + configured UI domains (#723)
  • Keep verbose openai.agents DEBUG off sandbox stdout (#704)
  • Strip ANSI escapes / control bytes from terminal tool output (#554)

TUI

  • Reduce scroll stutter via throttled refresh + render caching (#687)
  • "More content available" hint for long views (#687)
  • Restore snappy sweep/progress animation frame rate (#759)

CI / telemetry / chores

  • Lower Linux release glibc baseline (#707)
  • Deduplicate scan-ended telemetry (#758); minor telemetry updates (#761); drop unhandled-exception collection (#585)
  • Config-loader tests (#596); report-writer artifact tests (#667); uv.lock refresh (#606); README/docs updates

Contributors

Thanks to everyone who contributed to this release:

@0xallam @AtifAssari @Ayush7614 @Hardik-369 @Rome-1 @RudraDudhat2509 @Sonai124 @Stark-SK @ViperDroid @Zizouk22 @bastitva0-blip @bearsyankees @chirag127 @dpersek @e345ee @mhspektr @ousamabenyounes @sean-kim05 @seanturner83 @singe

v1.0.4

Choose a tag to compare

@github-actions github-actions released this 09 Jun 16:46
cc23eeb

What's Changed

  • Make TUI quit instant by SIGKILL-ing the sandbox container by @0xallam in #548
  • Swallow sandbox container races in the stream consumer by @0xallam in #552
  • Strip all images from session on vision-rejection, not just the latest by @0xallam in #553
  • Strip ANSI escapes and control bytes from terminal tool output by @0xallam in #554
  • Bump 1.0.3 -> 1.0.4 by @0xallam in #557

Full Changelog: v1.0.3...v1.0.4

v1.0.3

Choose a tag to compare

@github-actions github-actions released this 09 Jun 01:10
250fe2c

What's Changed

  • fix: SDK tracing leak + orphan docker on TUI quit (closes #512) by @0xallam in #522
  • fix: gate reasoning_effort by LiteLLM model registry (closes #517) by @0xallam in #523
  • Simplify LLM configuration layer (closes #504) by @0xallam in #524
  • Show "Send message to resume" on the left of the status bar by @0xallam in #525
  • Gate Reasoning(effort=...) on registry support by @0xallam in #528
  • Use observed LiteLLM cost for LiteLLM-routed calls by @0xallam in #529
  • Simplify cost ledger to one bucket by @0xallam in #531
  • Bump 1.0.2 -> 1.0.3 by @0xallam in #537

Full Changelog: v1.0.2...v1.0.3

v1.0.2

Choose a tag to compare

@github-actions github-actions released this 28 May 19:00
d032151

What's Changed

  • fix: reasoning models reject tool_choice=required; bump to 1.0.2 (closes #503, #505) by @0xallam in #508

Full Changelog: v1.0.1...v1.0.2

v1.0.1

Choose a tag to compare

@github-actions github-actions released this 27 May 03:07
3bd9d56

What's Changed

  • fix: PyInstaller bundle is broken (missing agents SDK data + wrongly excluded gql); bump to 1.0.1 by @0xallam in #502

Full Changelog: v1.0.0...v1.0.1

v1.0.0

Choose a tag to compare

@github-actions github-actions released this 26 May 21:51
63faecd

What's Changed

  • feat: Better source-aware testing by @bearsyankees in #391
  • feat: Migrate from Poetry to uv by @shanyu-strix in #379
  • Edit Strix GitHub Actions integration tip by @0xallam in #440
  • fix: ensure LLM stats tracking is accurate by including completed subagents by @bearsyankees in #441
  • feat: Add NoSQL injection vulnerability guide by @timlzh in #168
  • feat(skills): add Kubernetes security testing skill by @mvanhorn in #394
  • fix: wrap acompletion in asyncio.wait_for to prevent indefinite hangs by @seanturner83 in #453
  • fix: --config flag now fully overrides ~/.strix/cli-config.json by @octo-patch in #457
  • feat: add NoSQL injection skill by @sandiyochristan in #404
  • fix: MiniMax tool call normalization and thinking block handling by @mitre88 in #458
  • feat: add Novita AI as LLM provider by @Alex-yang00 in #385
  • fix(llm): include system prompt tokens in memory compressor budget by @0xhis in #381
  • Add SSTI and Header Injection vulnerability skills by @MoDarK-MK in #191
  • Feature/fase 2 prompt optimization by @vsh00t in #183
  • perf(agent): wake on state change instead of 500ms polling by @b4l4-sec in #305
  • Fix MiniMax tool calling and terminal output parsing by @n1majne3 in #456
  • Add Docker sandbox host mappings by @Dawn-Fighter in #488
  • Strix v1.0.0 — Native tool calling, save & resume, multi-agent control by @0xallam in #499

New Contributors

Full Changelog: v0.8.3...v1.0.0

v0.8.3

Choose a tag to compare

@github-actions github-actions released this 23 Mar 05:16

What's Changed

  • chore(deps): bump pypdf from 6.7.1 to 6.7.2 by @dependabot[bot] in #329
  • chore: remove codex models from supported models by @octovimmer in #342
  • chore(deps): bump pypdf from 6.7.2 to 6.7.4 by @dependabot[bot] in #339
  • feat(skills): add NestJS security testing module by @ms6rb in #348
  • chore(deps): bump pypdf from 6.7.4 to 6.7.5 by @dependabot[bot] in #343
  • Add OpenTelemetry observability with local JSONL traces and Traceloop option by @bearsyankees in #347
  • fix: Change VERTEXAI_LOCATION from 'us-central1' to 'global' by @Hurleveur in #351
  • Update web search model name to 'sonar-reasoning-pro' by @0xallam in #353
  • fix: web_search tool not loading when API key is in config file by @0xallam in #365
  • feat: add interactive mode for agent loop by @0xallam in #364
  • Add tip about Strix integration with GitHub Actions by @0xallam in #370
  • feat: add skills for specific tools by @bearsyankees in #366
  • fix: prevent ScreenStackError when stopping agent from modal by @0xallam in #374
  • Guard TUI chat rendering against invalid Rich spans by @0xallam in #375
  • Refactor tool availability checks into registration by @0xallam in #376
  • Simplify tool file copying in Dockerfile by @0xallam in #387
  • chore: update default model, refine system prompt, bump sandbox by @0xallam in #388
  • chore: bump version to 0.8.3 by @0xallam in #389

New Contributors

Full Changelog: v0.8.2...v0.8.3

v0.8.2

Choose a tag to compare

@github-actions github-actions released this 24 Feb 02:47

What's Changed

  • chore(deps): bump google-cloud-aiplatform from 1.129.0 to 1.133.0 by @dependabot[bot] in #319
  • docs: fix Discord badge expired invite code by @mason5052 in #323
  • feat: Expose Caido proxy port for human-in-the-loop by @0xallam in #327

New Contributors

Full Changelog: v0.8.1...v0.8.2

v0.8.1

Choose a tag to compare

@github-actions github-actions released this 20 Feb 18:41

What's Changed

Full Changelog: v0.8.0...v0.8.1

v0.8.0

Choose a tag to compare

@github-actions github-actions released this 19 Feb 22:18

What's Changed

  • chore: upgrade litellm to 1.81.1 for zai provider support by @LegendEvent in #293
  • fix(llm): Pass API key and base URL to memory compressor by @0xallam in #296
  • chore(deps): bump pypdf from 6.6.0 to 6.6.2 by @dependabot[bot] in #295
  • Replace hardcoded git host detection with HTTP protocol probe by @0xallam in #298
  • fix: Polish finish_scan report schema by @0xallam in #303
  • feat: Add mouse text selection auto-copy to clipboard in TUI by @0xallam in #306
  • chore(deps): bump pillow from 11.3.0 to 12.1.1 by @dependabot[bot] in #310
  • chore(deps): bump cryptography from 44.0.1 to 46.0.5 by @dependabot[bot] in #307
  • chore(deps): bump protobuf from 6.33.4 to 6.33.5 by @dependabot[bot] in #299
  • Redesign vulnerability reporting with nested XML code locations and CVSS by @0xallam in #312
  • fix: Add explicit UTF-8 encoding to read_text() calls by @TaeBbong in #301
  • Improve code_locations for accurate PR suggestions by @0xallam in #314
  • Strix LLM Documentation and Config Changes by @octovimmer in #315
  • chore(deps): bump pypdf from 6.6.2 to 6.7.1 by @dependabot[bot] in #316

New Contributors

Full Changelog: v0.7.0...v0.8.0