refactor(llm): rename _get_message_tokens to public API name

Author: 0xhis

.sisyphus/plans/pr-review-fixes.md

@@ -0,0 +1,213 @@
+# PR Review Feedback Fixes
+
+## TL;DR
+
+> **Quick Summary**: Address reviewer feedback from Greptile and Copilot across PRs 381-384. Fix a real bug (thinking blocks dropped on interrupted messages), improve code quality (XML escaping, private symbol export), and add clarifying comments (Qwen compliance block).
+>
+> **Deliverables**:
+> - PR 381: `get_message_tokens` (dropped leading underscore)
+> - PR 382: Split WSTG category codes + compliance block comment
+> - PR 383: Thinking blocks fix in interrupted path
+> - PR 384: XML escaping + generic corrective message
+>
+> **Estimated Effort**: Quick
+> **Parallel Execution**: YES - 4 PRs, each fix is independent
+
+---
+
+## Context
+
+### Original Request
+User asked to read reviewer feedback on the 4 split PRs and implement fixes.
+
+### Reviewer Findings
+
+**PR 381 (Memory Fix)** - Greptile: `_get_message_tokens` is a private symbol imported across module boundaries. Rename to `get_message_tokens`.
+
+**PR 382 (WSTG Prompts)** - Greptile: `IDNT/ATHN` and `ATHZ/SESS` are combined codes inconsistent with single codes used elsewhere. `<compliance>` block wording is too aggressive for prompt injection resistance. User clarified: keep the aggressive wording (needed for Qwen-series models), add a comment explaining why.
+
+**PR 383 (TUI Status)** - Greptile: **BUG** - thinking blocks silently dropped when `metadata["interrupted"]` is true. Early return bypasses `renderables` list.
+
+**PR 384 (Agent Workflow)** - Greptile: (1) URLs with `&` produce invalid XML in `<scan_task>`, (2) corrective message hardcodes StrixAgent-specific tool names in BaseAgent, (3) message content not escaped in `<agent_message>` XML. User approved: HTML escape for all targets, generic corrective message.
+
+---
+
+## Work Objectives
+
+### Core Objective
+Apply all non-blocking review feedback to make PRs cleaner and more robust.
+
+### Concrete Deliverables
+- `_get_message_tokens` renamed to `get_message_tokens` in both files
+- WSTG category codes split into separate phases
+- Compliance block comment added (Qwen rationale)
+- Thinking blocks included in interrupted message path
+- `html.escape()` on all XML-interpolated values
+- Generic corrective message in BaseAgent
+- CDATA-wrapping for `<agent_message>` content
+
+---
+
+## TODOs
+
+- [ ] 1. PR 381: Rename `_get_message_tokens` → `get_message_tokens`
+
+  **What to do**:
+  - Rename function in `strix/llm/memory_compressor.py` (definition)
+  - Update import in `strix/llm/llm.py` (consumption)
+  - Commit on `fix/memory-compressor-token-budget` branch
+
+  **Must NOT do**:
+  - Change function behavior or signature
+  - Touch unrelated files
+
+  **Acceptance Criteria**:
+  - [ ] `grep -r "_get_message_tokens"` returns no results in source files
+  - [ ] `python -c "from strix.llm.memory_compressor import get_message_tokens"` succeeds
+  - [ ] `git diff` shows only the rename, no behavioral changes
+
+  **Commit**: `refactor(llm): rename _get_message_tokens to public API name`
+
+- [ ] 2. PR 382: Split WSTG category codes in `<methodology>` phases
+
+  **What to do**:
+  - In `system_prompt.jinja`, split `IDNT/ATHN` into separate `IDNT` and `ATHN` phases
+  - Split `ATHZ/SESS` into separate `ATHZ` and `SESS` phases
+  - Renumber subsequent phases accordingly
+  - Ensure codes match what `<skill_triggers>` and `<phase2>` use
+
+  **Must NOT do**:
+  - Change the `<skill_triggers>` or `<phase2>` sections (they already use correct single codes)
+  - Alter non-phase content in the methodology section
+
+  **Acceptance Criteria**:
+  - [ ] No combined codes like `IDNT/ATHN` remain in system_prompt.jinja
+  - [ ] All methodology phases use single WSTG codes matching `<skill_triggers>`
+
+  **Commit**: `fix(prompts): split combined WSTG category codes for consistency`
+
+- [ ] 3. PR 382: Add comment explaining aggressive compliance wording
+
+  **What to do**:
+  - Add a Jinja comment or XML comment above the `<compliance>` block explaining that the aggressive wording is intentional and was needed when testing with Qwen-series models (e.g., Qwen3.5-Plus)
+  - Note that softer language caused unnecessary refusals during authorized scans
+
+  **Must NOT do**:
+  - Change the actual compliance wording
+  - Remove or weaken the `<compliance>` block
+
+  **Acceptance Criteria**:
+  - [ ] Comment exists above `<compliance>` block referencing Qwen-series models
+  - [ ] Functional output of the Jinja template is unchanged
+
+  **Commit**: `docs: add comment explaining aggressive compliance block rationale`
+
+- [ ] 4. PR 383: Fix thinking blocks dropped on interrupted messages
+
+  **What to do**:
+  - In `_render_chat_content` in `strix/interface/tui.py`, fix the `metadata["interrupted"]` branch
+  - Change `self._merge_renderables([streaming_result, interrupted_text])` to include `renderables`:
+    `self._merge_renderables([*renderables, streaming_result, interrupted_text])`
+
+  **Must NOT do**:
+  - Change the interrupted message rendering logic beyond including renderables
+  - Touch other branches of `_render_chat_content`
+
+  **Acceptance Criteria**:
+  - [ ] Code shows `[*renderables, streaming_result, interrupted_text]` in interrupted branch
+  - [ ] No other changes in the diff
+
+  **Commit**: `fix(ui): include thinking blocks in interrupted message render`
+
+- [ ] 5. PR 384: Add `html.escape()` to XML-interpolated values in strix_agent.py
+
+  **What to do**:
+  - `import html` at top of `strix/agents/StrixAgent/strix_agent.py`
+  - Wrap all target values in `html.escape()` before embedding in XML:
+    - `url` values
+    - `repo["url"]` values
+    - `code["path"]` values
+    - IP address entries
+  - Same approach for `base_agent.py` `<agent_message>` attributes (`sender_name`, `sender_id`)
+
+  **Must NOT do**:
+  - Change the XML structure or element names
+  - Escape already-safe static strings (only user/target-derived values)
+
+  **Acceptance Criteria**:
+  - [ ] `html` is imported in both files
+  - [ ] All interpolated target values wrapped in `html.escape()`
+  - [ ] `<agent_message>` attributes `from="{html.escape(sender_name)}"` and `id="{html.escape(sender_id)}"` escape properly
+
+  **Commit**: `fix(agent): escape XML special characters in target values`
+
+- [ ] 6. PR 384: Escape message content in `<agent_message>` XML
+
+  **What to do**:
+  - In `base_agent.py`, wrap `message.get("content", "")` in CDATA or `html.escape()` before embedding in `<agent_message>` element content
+  - CDATA is preferred here since content is free-form text that shouldn't be interpreted as XML
+
+  **Must NOT do**:
+  - Change the XML element structure
+  - Break existing `clean_content()` regex patterns
+
+  **Acceptance Criteria**:
+  - [ ] Message content is CDATA-wrapped or HTML-escaped in the `<agent_message>` element
+  - [ ] Content containing `</agent_message>` does not break the XML structure
+
+  **Commit**: `fix(agent): escape message content in compact agent_message format`
+
+- [ ] 7. PR 384: Make corrective message generic in BaseAgent
+
+  **What to do**:
+  - In `base_agent.py`, change the corrective message from mentioning specific tool names to generic guidance:
+    ```
+    "You responded with plain text instead of a tool call. 
+    While the agent loop is running, EVERY response MUST be a tool call. 
+    Do NOT send plain text messages. Act via your available tools.
+    Review your task and take action now."
+    ```
+  - Remove references to `create_agent`, `terminal_execute`, `wait_for_message`
+
+  **Must NOT do**:
+  - Change the `add_message("user", corrective_message)` call structure
+  - Change the `return None` behavior
+
+  **Acceptance Criteria**:
+  - [ ] Corrective message contains no StrixAgent-specific tool names
+  - [ ] Message still conveys "use tools, not plain text"
+
+  **Commit**: `fix(agent): use generic corrective message in BaseAgent`
+
+---
+
+## Execution Strategy
+
+Each fix is independent and lives on a separate branch. Apply fixes to the appropriate branch, commit, and force-push.
+
+```
+Wave 1 (all parallel):
+├── Task 1: PR 381 branch - rename function
+├── Task 2: PR 382 branch - split WSTG codes
+├── Task 3: PR 382 branch - compliance comment
+├── Task 4: PR 383 branch - thinking blocks fix
+├── Task 5: PR 384 branch - XML escaping
+├── Task 6: PR 384 branch - CDATA wrapping
+└── Task 7: PR 384 branch - generic corrective message
+```
+
+Tasks 2+3 share branch (PR 382). Tasks 5+6+7 share branch (PR 384). Work sequentially within a branch, but all 4 branches can be updated in parallel.
+
+**Branch workflow per PR:**
+1. `git checkout <branch>`
+2. Apply edits
+3. `git add -A && git commit -m "message"`
+4. `git push origin <branch> --force-with-lease`
+
+---
+
+## Success Criteria
+
+- [ ] All 4 PRs still `MERGEABLE` after fixes
+- [ ] No reviewer comments remain unaddressed
+- [ ] Each branch has exactly one additional commit with the fix

strix/llm/llm.py

@@ -10,7 +10,7 @@
 
 from strix.config import Config
 from strix.llm.config import LLMConfig
-from strix.llm.memory_compressor import MemoryCompressor, _get_message_tokens
+from strix.llm.memory_compressor import MemoryCompressor, get_message_tokens
 from strix.llm.utils import (
     _truncate_to_first_function,
     fix_incomplete_tool_call,
@@ -182,7 +182,7 @@ def _prepare_messages(self, conversation_history: list[dict[str, Any]]) -> list[
             )
 
         reserved_tokens = sum(
-            _get_message_tokens(msg, self.config.litellm_model) for msg in messages
+            get_message_tokens(msg, self.config.litellm_model) for msg in messages
         )
         compressed = list(
             self.memory_compressor.compress_history(conversation_history, reserved_tokens)

strix/llm/memory_compressor.py

@@ -52,7 +52,7 @@ def _count_tokens(text: str, model: str) -> int:
         return len(text) // 4  # Rough estimate
 
 
-def _get_message_tokens(msg: dict[str, Any], model: str) -> int:
+def get_message_tokens(msg: dict[str, Any], model: str) -> int:
     content = msg.get("content", "")
     if isinstance(content, str):
         return _count_tokens(content, model)
@@ -209,7 +209,7 @@ def compress_history(
         model_name: str = self.model_name  # type: ignore[assignment]
 
         total_tokens = reserved_tokens + sum(
-            _get_message_tokens(msg, model_name) for msg in system_msgs + regular_msgs
+            get_message_tokens(msg, model_name) for msg in system_msgs + regular_msgs
         )
 
         if total_tokens <= MAX_TOTAL_TOKENS * 0.9:

test_run.sh

@@ -0,0 +1,52 @@
+#!/bin/bash
+# Wrapper script to run Strix with GLM-5 and Podman
+
+# Podman socket for Docker compatibility
+export DOCKER_HOST="unix://$XDG_RUNTIME_DIR/podman/podman.sock"
+
+# Default Configuration (GLM-5 via Astaria Proxy)
+STRIX_LLM="openai/code/glm-5"
+OPENAI_API_BASE="https://apiproxy.astaria.cc/v1"
+LLM_API_KEY="sk-3c3753665e8203c691ed000d755a739816209a68c5d1d9722186dc71766962b1"
+# Check for OpenRouter flag
+if [[ "$1" == "--openrouter" ]]; then
+    echo "Switching to OpenRouter..."
+    STRIX_LLM="openrouter/openrouter/hunter-alpha"
+    OPENAI_API_BASE="https://openrouter.ai/api/v1"
+    LLM_API_KEY="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"
+    shift
+fi
+
+# Export configuration
+export STRIX_LLM
+export OPENAI_API_BASE
+export LLM_API_KEY
+
+echo "----------------------------------------"
+echo "Using Model: $STRIX_LLM"
+echo "API Base: $OPENAI_API_BASE"
+echo "Container Backend: Podman"
+echo "----------------------------------------"
+
+PYTHON_BIN="${PYTHON_BIN:-python3.14}"
+if ! command -v "$PYTHON_BIN" >/dev/null 2>&1; then
+    echo "Python interpreter not found: $PYTHON_BIN"
+    exit 1
+fi
+
+if [ $# -eq 0 ]; then
+    echo "Usage: ./test_run.sh [--openrouter] --target <your_target>"
+    echo "Example: ./test_run.sh --target example.com"
+    echo "Example: ./test_run.sh --openrouter --target example.com"
+    exit 1
+fi
+
+echo "Setting up Python virtual environment..."
+if [ ! -d ".venv" ]; then
+    "$PYTHON_BIN" -m venv .venv
+fi
+source .venv/bin/activate
+pip install -e . -q
+
+echo "Running Strix..."
+strix "$@"