Conversation
There was a problem hiding this comment.
Pull request overview
This PR updates Strix’s prompting/methodology content to be OWASP WSTG-aligned and adds live “system message” status text to the TUI via telemetry updates.
Changes:
- Reworked multiple system prompts/skill markdowns to explicitly map phases and subagents to OWASP WSTG categories.
- Added
system_messagesupport to telemetry agents and surfaced it in the TUI status line. - Hooked LLM generation + sandbox initialization to emit live status messages (e.g., “Waiting for LLM provider…”).
Reviewed changes
Copilot reviewed 11 out of 11 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
strix/tools/web_search/web_search_actions.py |
Reformats the web-search system prompt into structured sections. |
strix/telemetry/tracer.py |
Adds agent system_message tracking and an update helper. |
strix/skills/scan_modes/standard.md |
Updates Standard mode to be WSTG-aligned and wraps content in tags. |
strix/skills/scan_modes/quick.md |
Updates Quick mode to be WSTG-aligned; adds <instructions>/<constraints>/<mindset> blocks. |
strix/skills/scan_modes/deep.md |
Updates Deep mode to be WSTG-aligned and expands advanced categories. |
strix/skills/coordination/root_agent.md |
Updates root agent coordination guidance to be WSTG-aligned. |
strix/llm/llm.py |
Emits tracer system messages during memory compression and streaming generation. |
strix/llm/dedupe.py |
Reformats dedupe judge prompt into structured sections with explicit output rules. |
strix/interface/tui.py |
Displays system_message as the animated “Initializing/Waiting/…” status text. |
strix/agents/base_agent.py |
Emits a system message during sandbox setup. |
strix/agents/StrixAgent/system_prompt.jinja |
Reworks the main agent system prompt to include WSTG-aligned methodology and headings. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
strix/telemetry/tracer.py
Outdated
|
|
||
| def update_agent_status( | ||
| self, agent_id: str, status: str, error_message: str | None = None | ||
| self, agent_id: str, status: str, error_message: str | None = None, system_message: str | None = None |
There was a problem hiding this comment.
This function signature is over the configured 100-char line length (ruff E501) and will likely fail linting. Please wrap the parameters across multiple lines (the rest of the file generally formats multi-arg defs this way).
| self, agent_id: str, status: str, error_message: str | None = None, system_message: str | None = None | |
| self, | |
| agent_id: str, | |
| status: str, | |
| error_message: str | None = None, | |
| system_message: str | None = None, |
strix/llm/llm.py
Outdated
| async for response in self._stream(messages): | ||
| if tracer and self.agent_id: | ||
| tracer.update_agent_system_message(self.agent_id, "Generating response...") |
There was a problem hiding this comment.
update_agent_system_message() is called for every streamed chunk. Since _stream() yields many partial chunks, this can create a very hot loop of tracer/UI updates and unnecessary contention. Consider setting the system message once before entering the async for loop (or only on the first chunk), and avoid updating it on every yield.
| async for response in self._stream(messages): | |
| if tracer and self.agent_id: | |
| tracer.update_agent_system_message(self.agent_id, "Generating response...") | |
| if tracer and self.agent_id: | |
| tracer.update_agent_system_message(self.agent_id, "Generating response...") | |
| async for response in self._stream(messages): |
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 11 out of 11 changed files in this pull request and generated 2 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
strix/llm/llm.py
Outdated
| try: | ||
| if tracer and self.agent_id: | ||
| tracer.update_agent_system_message(self.agent_id, "Waiting for LLM provider...") | ||
| tracer.update_agent_system_message(self.agent_id, "Generating response...") |
There was a problem hiding this comment.
The two consecutive update_agent_system_message calls here overwrite each other before the coroutine ever hits an await, so the "Waiting for LLM provider..." state will never be visible. Also, setting "Generating response..." before _stream() starts means the UI will say "Generating" while it's actually blocked awaiting the provider response.
Consider setting only one message before the first await (e.g., "Waiting…"), and then switching to "Generating…" only after the first stream chunk is received (or insert a yield point before updating again).
| tracer.update_agent_system_message(self.agent_id, "Generating response...") |
| final_response = None | ||
|
|
||
| if tracer: | ||
| tracer.update_agent_system_message(self.state.agent_id, "Thinking...") |
There was a problem hiding this comment.
update_agent_system_message("Thinking...") is immediately followed by llm.generate(...), which currently updates the system message again before the first await in that coroutine. In practice this means "Thinking..." will be overwritten before the UI can ever render it.
To make the status useful, either centralize status updates in one layer (agent loop vs LLM), or ensure the "Thinking..." update occurs right before a real await/yield point so it can be observed.
| tracer.update_agent_system_message(self.state.agent_id, "Thinking...") | |
| tracer.update_agent_system_message(self.state.agent_id, "Thinking...") | |
| # Yield control so the "Thinking..." status can be observed before LLM updates it. | |
| await asyncio.sleep(0) |
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 11 out of 11 changed files in this pull request and generated 5 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
strix/interface/tui.py
Outdated
| if hasattr(msg_renderable, "renderable") and hasattr(msg_renderable.renderable, "_text") and not msg_renderable.renderable._text: | ||
| pass | ||
| elif getattr(msg_renderable, "plain", True): | ||
| renderables.append(msg_renderable) | ||
|
|
||
| if not renderables: | ||
| return None | ||
|
|
||
| if len(renderables) == 1: | ||
| return renderables[0] | ||
|
|
There was a problem hiding this comment.
AgentMessageRenderer.render_simple() returns a rich.text.Text, so the hasattr(msg_renderable, "renderable") ... _text branch will never run and adds unnecessary complexity. You can simplify this to a single emptiness check (e.g., if msg_renderable.plain:) and also remove the trailing whitespace on the elif line to satisfy style checks.
| if hasattr(msg_renderable, "renderable") and hasattr(msg_renderable.renderable, "_text") and not msg_renderable.renderable._text: | |
| pass | |
| elif getattr(msg_renderable, "plain", True): | |
| renderables.append(msg_renderable) | |
| if not renderables: | |
| return None | |
| if len(renderables) == 1: | |
| return renderables[0] | |
| if msg_renderable.plain: | |
| renderables.append(msg_renderable) | |
| if not renderables: | |
| return None | |
| if len(renderables) == 1: | |
| return renderables[0] |
| 7. **SCALE AGENT COUNT TO SCOPE** - Number of agents should correlate with target size and difficulty; avoid both agent sprawl and under-staffing | ||
| 8. **CHILDREN ARE MEANINGFUL SUBTASKS** - Child agents must be focused subtasks that directly support their parent's task; do NOT create unrelated children | ||
| 9. **UNIQUENESS** - Do not create two agents with the same task; ensure clear, non-overlapping responsibilities for every agent |
There was a problem hiding this comment.
The numbered list under “Simple Workflow Rules” has duplicate item numbers (two items labeled 7.). This can confuse readers and downstream prompt parsing; renumber the list so each item number is unique and sequential.
| 7. **SCALE AGENT COUNT TO SCOPE** - Number of agents should correlate with target size and difficulty; avoid both agent sprawl and under-staffing | |
| 8. **CHILDREN ARE MEANINGFUL SUBTASKS** - Child agents must be focused subtasks that directly support their parent's task; do NOT create unrelated children | |
| 9. **UNIQUENESS** - Do not create two agents with the same task; ensure clear, non-overlapping responsibilities for every agent | |
| 8. **SCALE AGENT COUNT TO SCOPE** - Number of agents should correlate with target size and difficulty; avoid both agent sprawl and under-staffing | |
| 9. **CHILDREN ARE MEANINGFUL SUBTASKS** - Child agents must be focused subtasks that directly support their parent's task; do NOT create unrelated children | |
| 10. **UNIQUENESS** - Do not create two agents with the same task; ensure clear, non-overlapping responsibilities for every agent |
| if role == "user": | ||
| return UserMessageRenderer.render_simple(content) | ||
|
|
||
| renderables = [] |
There was a problem hiding this comment.
thinking_blocks rendering is gated by the if not content: return None guard just above this block. Since BaseAgent logs assistant messages with clean_content(...), tool-call-only outputs often become empty strings, so the UI will drop the entire message (including thinking_blocks/interrupted metadata). Consider moving the empty-content early return below the thinking_blocks/interrupted handling (or only applying it for role == "user").
strix/agents/base_agent.py
Outdated
| metadata = {} | ||
| if thinking_blocks: | ||
| metadata["thinking_blocks"] = thinking_blocks | ||
|
|
There was a problem hiding this comment.
There’s trailing whitespace on the blank line here (and potentially other nearby blank lines). The repo runs pre-commit’s trailing-whitespace hook, so this will fail checks; remove the extra spaces so the line is truly empty.
strix/interface/tui.py
Outdated
| elif getattr(msg_renderable, "plain", True): | ||
| renderables.append(msg_renderable) | ||
|
|
||
| if not renderables: | ||
| return None | ||
|
|
||
| if len(renderables) == 1: | ||
| return renderables[0] | ||
|
|
There was a problem hiding this comment.
There are several lines with trailing whitespace in this block (e.g., after the elif condition and on blank lines). Since the repo uses the trailing-whitespace pre-commit hook, please strip trailing spaces here to avoid CI/pre-commit failures.
| elif getattr(msg_renderable, "plain", True): | |
| renderables.append(msg_renderable) | |
| if not renderables: | |
| return None | |
| if len(renderables) == 1: | |
| return renderables[0] | |
| elif getattr(msg_renderable, "plain", True): | |
| renderables.append(msg_renderable) | |
| if not renderables: | |
| return None | |
| if len(renderables) == 1: | |
| return renderables[0] |
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 11 out of 11 changed files in this pull request and generated no new comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
0xhis
force-pushed
the
prompt-optimization
branch
from
1039de9 to
6d4e9e8
Compare
Co-authored-by: 0xallam <ahmed39652003@gmail.com>
# Conflicts: # strix/telemetry/tracer.py
0xhis
force-pushed
the
prompt-optimization
branch
from
52468cc to
e7e03e0
Compare
…hering - Restructures Phase 1 into explicit subagent delegation rules - Root agent no longer runs recon/crawling/code analysis directly - Adds black-box, white-box, and combined mode subagent templates - Renames Phase 2 section to reflect dependency on gathered context
- Extract .renderable from ThinkRenderer.render() in tui.py for consistency - Remove dead thinking_blocks parameter from add_message() in state.py - Pass tracer into _stream() instead of importing in hot path in llm.py - Add overflow indicator (+N more) when truncating tool displays in base_agent.py
…eation - Add SKILLS ARE MANDATORY rule to Critical Rules section - Update BLACK-BOX examples to include skills= in every agent creation - Update WHITE-BOX examples to include skills= in every agent creation - Add Skill Assignment Triggers section with 15 scenario→skill mappings - Add warning that agents without skills lack vulnerability methodology Fixes regression where subagents were spawning without vulnerability skills loaded, causing shallow testing (no SQLi, XSS, etc.)
…cker perspective constraints
…t guard and prompt cleanup
…g model context limit
Add regex patterns to normalize <function>name> and <parameter>key> into proper <function=name> and <parameter=key> format before parsing.
…g Verification agents
Adding WSTG methodology prompts and live UI statuses.