feat: browser-use tool migration

.github/workflows/build-release.yml

@@ -30,15 +30,15 @@ jobs:
         with:
           python-version: '3.12'
 
-      - uses: snok/install-poetry@v1
+      - uses: astral-sh/setup-uv@v5
 
       - name: Build
         shell: bash
         run: |
-          poetry install --with dev
-          poetry run pyinstaller strix.spec --noconfirm
+          uv sync --frozen
+          uv run pyinstaller strix.spec --noconfirm
 
-          VERSION=$(poetry version -s)
+          VERSION=$(grep '^version' pyproject.toml | head -1 | sed 's/.*"\(.*\)"/\1/')
           mkdir -p dist/release
 
           if [[ "${{ runner.os }}" == "Windows" ]]; then

.pre-commit-config.yaml

@@ -31,6 +31,7 @@ repos:
       - id: check-toml
       - id: check-merge-conflict
       - id: check-added-large-files
+        args: ['--maxkb=1024']
       - id: debug-statements
       - id: check-case-conflict
       - id: check-docstring-first

CONTRIBUTING.md

@@ -8,7 +8,7 @@ Thank you for your interest in contributing to Strix! This guide will help you g
 
 - Python 3.12+
 - Docker (running)
-- Poetry (for dependency management)
+- [uv](https://docs.astral.sh/uv/) (for dependency management)
 - Git
 
 ### Local Development
@@ -24,8 +24,8 @@ Thank you for your interest in contributing to Strix! This guide will help you g
    make setup-dev
 
    # or manually:
-   poetry install --with=dev
-   poetry run pre-commit install
+   uv sync
+   uv run pre-commit install
    ```
 
 3. **Configure your LLM provider**
@@ -36,7 +36,7 @@ Thank you for your interest in contributing to Strix! This guide will help you g
 
 4. **Run Strix in development mode**
    ```bash
-   poetry run strix --target https://example.com
+   uv run strix --target https://example.com
    ```
 
 ## 📚 Contributing Skills

Makefile

@@ -1,4 +1,4 @@
-.PHONY: help install dev-install format lint type-check test test-cov clean pre-commit setup-dev
+.PHONY: help install dev-install format lint type-check test test-cov clean pre-commit setup-dev integration
 
 help:
 	@echo "Available commands:"
@@ -14,65 +14,76 @@ help:
 	@echo "  check-all     - Run all code quality checks"
 	@echo ""
 	@echo "Testing:"
-	@echo "  test          - Run tests with pytest"
-	@echo "  test-cov      - Run tests with coverage reporting"
+	@echo "  test               - Run tests with pytest"
+	@echo "  test-cov           - Run tests with coverage reporting"
+	@echo "  integration          - Run integration tests (verbose)"
+	@echo "  PRETTY=1 integration - Run integration tests (clean TUI)"
 	@echo ""
 	@echo "Development:"
 	@echo "  pre-commit    - Run pre-commit hooks on all files"
 	@echo "  clean         - Clean up cache files and artifacts"
 
 install:
-	poetry install --only=main
+	uv sync --no-dev
 
 dev-install:
-	poetry install --with=dev
+	uv sync
 
 setup-dev: dev-install
-	poetry run pre-commit install
+	uv run pre-commit install
 	@echo "✅ Development environment setup complete!"
 	@echo "Run 'make check-all' to verify everything works correctly."
 
 format:
 	@echo "🎨 Formatting code with ruff..."
-	poetry run ruff format .
+	uv run ruff format .
 	@echo "✅ Code formatting complete!"
 
 lint:
 	@echo "🔍 Linting code with ruff..."
-	poetry run ruff check . --fix
+	uv run ruff check . --fix
 	@echo "📝 Running additional linting with pylint..."
-	poetry run pylint strix/ --score=no --reports=no
+	uv run pylint strix/ --score=no --reports=no
 	@echo "✅ Linting complete!"
 
 type-check:
 	@echo "🔍 Type checking with mypy..."
-	poetry run mypy strix/
+	uv run mypy strix/
 	@echo "🔍 Type checking with pyright..."
-	poetry run pyright strix/
+	uv run pyright strix/
 	@echo "✅ Type checking complete!"
 
 security:
 	@echo "🔒 Running security checks with bandit..."
-	poetry run bandit -r strix/ -c pyproject.toml
+	uv run bandit -r strix/ -c pyproject.toml
 	@echo "✅ Security checks complete!"
 
 check-all: format lint type-check security
 	@echo "✅ All code quality checks passed!"
 
 test:
 	@echo "🧪 Running tests..."
-	poetry run pytest -v
+	uv run pytest -v
 	@echo "✅ Tests complete!"
 
 test-cov:
 	@echo "🧪 Running tests with coverage..."
-	poetry run pytest -v --cov=strix --cov-report=term-missing --cov-report=html
+	uv run pytest -v --cov=strix --cov-report=term-missing --cov-report=html
 	@echo "✅ Tests with coverage complete!"
 	@echo "📊 Coverage report generated in htmlcov/"
 
+integration:
+ifdef PRETTY
+	poetry run pytest tests/integration/ -m integration --no-cov --no-header -q --tb=no -p no:logging -s --pretty
+else
+	@echo "🧪 Running integration tests..."
+	poetry run pytest tests/integration/ -v -s --log-cli-level=INFO -m integration --no-cov
+	@echo "✅ Integration tests complete!"
+endif
+
 pre-commit:
 	@echo "🔧 Running pre-commit hooks..."
-	poetry run pre-commit run --all-files
+	uv run pre-commit run --all-files
 	@echo "✅ Pre-commit hooks complete!"
 
 clean:

containers/Dockerfile

@@ -70,11 +70,7 @@ USER root
 RUN cp /app/certs/ca.crt /usr/local/share/ca-certificates/ca.crt && \
     update-ca-certificates
 
-RUN curl -sSL https://install.python-poetry.org | POETRY_HOME=/opt/poetry python3 - && \
-    ln -s /opt/poetry/bin/poetry /usr/local/bin/poetry && \
-    chmod +x /usr/local/bin/poetry && \
-    python3 -m venv /app/venv && \
-    chown -R pentester:pentester /app/venv /opt/poetry
+RUN curl -LsSf https://astral.sh/uv/install.sh | env UV_INSTALL_DIR=/usr/local/bin sh
 
 USER pentester
 WORKDIR /tmp
@@ -130,9 +126,8 @@ RUN apt-get autoremove -y && \
     apt-get autoclean && \
     rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
 
-ENV PATH="/home/pentester/go/bin:/home/pentester/.local/bin:/home/pentester/.npm-global/bin:/app/venv/bin:$PATH"
-ENV VIRTUAL_ENV="/app/venv"
-ENV POETRY_HOME="/opt/poetry"
+ENV PATH="/home/pentester/go/bin:/home/pentester/.local/bin:/home/pentester/.npm-global/bin:/app/.venv/bin:$PATH"
+ENV VIRTUAL_ENV="/app/.venv"
 
 WORKDIR /app
 
@@ -157,17 +152,16 @@ ENV SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt
 
 RUN mkdir -p /workspace && chown -R pentester:pentester /workspace /app
 
-COPY pyproject.toml poetry.lock ./
+COPY pyproject.toml uv.lock ./
+RUN echo "# Sandbox Environment" > README.md && mkdir -p strix && touch strix/__init__.py
 
 USER pentester
-RUN poetry install --no-root --without dev --extras sandbox
-RUN poetry run playwright install chromium
+RUN uv sync --frozen --no-dev --extra sandbox
+RUN /app/.venv/bin/python -m playwright install chromium
 
-RUN /app/venv/bin/pip install -r /home/pentester/tools/jwt_tool/requirements.txt && \
+RUN uv pip install -r /home/pentester/tools/jwt_tool/requirements.txt && \
     ln -s /home/pentester/tools/jwt_tool/jwt_tool.py /home/pentester/.local/bin/jwt_tool
 
-RUN echo "# Sandbox Environment" > README.md
-
 COPY strix/__init__.py strix/
 COPY strix/config/ /app/strix/config/
 COPY strix/utils/ /app/strix/utils/
@@ -180,7 +174,11 @@ RUN echo 'export PATH="/home/pentester/go/bin:/home/pentester/.local/bin:/home/p
 
 USER root
 COPY containers/docker-entrypoint.sh /usr/local/bin/docker-entrypoint.sh
-RUN chmod +x /usr/local/bin/docker-entrypoint.sh
+COPY containers/healthcheck.sh /usr/local/bin/healthcheck.sh
+RUN chmod +x /usr/local/bin/docker-entrypoint.sh /usr/local/bin/healthcheck.sh
+
+HEALTHCHECK --interval=15s --timeout=5s --start-period=60s --retries=3 \
+  CMD healthcheck.sh
 
 USER pentester
 WORKDIR /workspace

containers/docker-entrypoint.sh

@@ -151,20 +151,57 @@ sudo -u pentester certutil -N -d sql:/home/pentester/.pki/nssdb --empty-password
 sudo -u pentester certutil -A -n "Testing Root CA" -t "C,," -i /app/certs/ca.crt -d sql:/home/pentester/.pki/nssdb
 echo "✅ CA added to browser trust store"
 
+# Chromium binds CDP to 127.0.0.1, tool server proxies WS via /cdp/ws
+CDP_INTERNAL_PORT=19222
+CHROMIUM_BIN=$(find /usr/lib/chromium* /usr/bin -name "chromium" -o -name "chromium-browser" -o -name "chrome" 2>/dev/null | head -1)
+[ -z "$CHROMIUM_BIN" ] && CHROMIUM_BIN=$(find /home/pentester/.cache/ms-playwright -name "chrome" -type f 2>/dev/null | head -1)
+
+if [ -n "$CHROMIUM_BIN" ]; then
+  rm -f /tmp/chromium-profile/SingletonLock /tmp/chromium-profile/SingletonCookie /tmp/chromium-profile/SingletonSocket 2>/dev/null || true
+
+  echo "Launching Chromium with CDP on internal port $CDP_INTERNAL_PORT..."
+  sudo -u pentester "$CHROMIUM_BIN" \
+    --headless \
+    --no-sandbox \
+    --disable-dev-shm-usage \
+    --disable-gpu \
+    --remote-debugging-port="$CDP_INTERNAL_PORT" \
+    --proxy-server="http://127.0.0.1:${CAIDO_PORT}" \
+    --ignore-certificate-errors \
+    --user-data-dir=/tmp/chromium-profile \
+    > /tmp/chromium.log 2>&1 &
+  CHROMIUM_PID=$!
+  echo "Started Chromium with PID $CHROMIUM_PID"
+
+  echo "Waiting for Chromium CDP to be ready..."
+  for i in {1..20}; do
+    if curl -s "http://127.0.0.1:${CDP_INTERNAL_PORT}/json/version" | grep -q "webSocketDebuggerUrl"; then
+      echo "Chromium CDP ready on port $CDP_INTERNAL_PORT (attempt $i)"
+      break
+    fi
+    [ $i -eq 20 ] && echo "WARNING: Chromium CDP did not become ready within 20s"
+    sleep 1
+  done
+else
+  echo "WARNING: Chromium binary not found, browser CDP will not be available"
+fi
+
 echo "Starting tool server..."
 cd /app
 export PYTHONPATH=/app
 export STRIX_SANDBOX_MODE=true
-export POETRY_VIRTUALENVS_CREATE=false
 export TOOL_SERVER_TIMEOUT="${STRIX_SANDBOX_EXECUTION_TIMEOUT:-120}"
 TOOL_SERVER_LOG="/tmp/tool_server.log"
 
 sudo -E -u pentester \
-  poetry run python -m strix.runtime.tool_server \
+  /app/.venv/bin/python -m strix.runtime.tool_server \
   --token="$TOOL_SERVER_TOKEN" \
   --host=0.0.0.0 \
   --port="$TOOL_SERVER_PORT" \
-  --timeout="$TOOL_SERVER_TIMEOUT" > "$TOOL_SERVER_LOG" 2>&1 &
+  --timeout="$TOOL_SERVER_TIMEOUT" \
+  --cdp-upstream="http://127.0.0.1:$CDP_INTERNAL_PORT" > "$TOOL_SERVER_LOG" 2>&1 &
+
+TOOL_SERVER_PID=$!
 
 for i in {1..10}; do
   if curl -s "http://127.0.0.1:$TOOL_SERVER_PORT/health" | grep -q '"status":"healthy"'; then

containers/healthcheck.sh

@@ -0,0 +1,31 @@
+#!/bin/bash
+# Healthcheck script for the strix sandbox container.
+# Checks: tool server, Caido proxy, Chromium CDP.
+# Exit 0 = healthy, exit 1 = unhealthy.
+
+set -e
+
+TOOL_SERVER_PORT="${TOOL_SERVER_PORT:-48081}"
+CAIDO_PORT=48080
+
+# 1. Tool server must respond healthy
+if ! curl -sf --max-time 3 -H "Authorization: Bearer ${TOOL_SERVER_TOKEN}" "http://127.0.0.1:${TOOL_SERVER_PORT}/health" | grep -q '"status":"healthy"'; then
+  echo "UNHEALTHY: tool server not responding on port ${TOOL_SERVER_PORT}"
+  exit 1
+fi
+
+# 2. Caido proxy must be reachable. A bare /graphql/ probe may legitimately return
+# 400, which the entrypoint already treats as ready.
+if ! curl -s -o /dev/null -w "%{http_code}" --max-time 3 "http://127.0.0.1:${CAIDO_PORT}/graphql/" | grep -qE "^(200|400)$"; then
+  echo "UNHEALTHY: Caido proxy not responding on port ${CAIDO_PORT}"
+  exit 1
+fi
+
+# 3. Chromium CDP must be reachable (probe internal port directly — no auth needed inside the container)
+if ! curl -sf --max-time 3 "http://127.0.0.1:${CDP_INTERNAL_PORT:-19222}/json/version" | grep -q "webSocketDebuggerUrl"; then
+  echo "UNHEALTHY: Chromium CDP not responding on internal port ${CDP_INTERNAL_PORT:-19222}"
+  exit 1
+fi
+
+echo "healthy"
+exit 0

docs/contributing.mdx

@@ -9,7 +9,7 @@ description: "Contribute to Strix development"
 
 - Python 3.12+
 - Docker (running)
-- Poetry
+- [uv](https://docs.astral.sh/uv/)
 - Git
 
 ### Local Development
@@ -26,8 +26,8 @@ description: "Contribute to Strix development"
     make setup-dev
 
     # or manually:
-    poetry install --with=dev
-    poetry run pre-commit install
+    uv sync
+    uv run pre-commit install
     ```
   </Step>
   <Step title="Configure LLM">
@@ -38,7 +38,7 @@ description: "Contribute to Strix development"
   </Step>
   <Step title="Run Strix">
     ```bash
-    poetry run strix --target https://example.com
+    uv run strix --target https://example.com
     ```
   </Step>
 </Steps>