diff --git a/.github/ISSUE_TEMPLATE/bug_report.yml b/.github/ISSUE_TEMPLATE/bug_report.yml
new file mode 100644
index 000000000..1e33c71f5
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/bug_report.yml
@@ -0,0 +1,42 @@
+name: "🐛 Bug Report"
+description: "Report a bug or unexpected behavior in Strix"
+title: "[Bug]: "
+labels: ["bug", "triage"]
+body:
+ - type: markdown
+ attributes:
+ value: |
+ Please fill out this form to help us diagnose and resolve the issue.
+ - type: textarea
+ id: description
+ attributes:
+ label: "Vulnerability / Bug Description"
+ description: "A clear and concise description of what is happening."
+ placeholder: "e.g., Strix CLI crashes during local scan on port 8080..."
+ validations:
+ required: true
+ - type: textarea
+ id: reproduction
+ attributes:
+ label: "Reproduction Steps"
+ description: "How can we reproduce the bug?"
+ placeholder: |
+ 1. Run 'uv run strix --target https://example.com'
+ 2. Set environment variable STRIX_LLM = ...
+ 3. See error stack trace...
+ validations:
+ required: true
+ - type: textarea
+ id: logs
+ attributes:
+ label: "Logs and Stack Traces"
+ description: "Copy-paste relevant terminal error logs here."
+ render: shell
+ - type: input
+ id: environment
+ attributes:
+ label: "System & LLM Environment"
+ description: "Python version, OS, target server model, LLM provider, etc."
+ placeholder: "e.g. Python 3.12, macOS Sonoma, OpenAI GPT-4o"
+ validations:
+ required: true
diff --git a/.github/ISSUE_TEMPLATE/feature_request.yml b/.github/ISSUE_TEMPLATE/feature_request.yml
new file mode 100644
index 000000000..12bb3ef44
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/feature_request.yml
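Review bot: In `bug_report.yml`, the first textarea is labelled `Vulnerability / Bug Description`, which invites reporters to describe security vulnerabilities in a public issue, while the `SECURITY.md` added in this same commit asks that vulnerabilities not be opened as public issues. I would rename it to `label: "Bug Description"` and add a line to the opening markdown `value` pointing security reports to the private channel described in `SECURITY.md`. The `logs` and `reproduction` fields also ask for terminal output, target URLs and `STRIX_LLM` settings, which for a scanning tool can include API keys, tokens or details of the system under test; the logs description should ask for redaction, e.g. `description: "Copy-paste relevant terminal error logs here. Redact API keys, tokens and target details first."`. Separately, `triage` is not one of GitHub's default labels, so it is only applied if it already exists in the repository.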
@@ -0,0 +1,28 @@
+name: "🚀 Feature Request"
+description: "Suggest an improvement, new agent capability, or pentesting skill"
+title: "[Feature]: "
+labels: ["enhancement"]
+body:
+ - type: markdown
+ attributes:
+ value: |
+ We are happy to receive suggestions to make Strix a more powerful pentesting tool.
+ - type: textarea
+ id: context
+ attributes:
+ label: "Problem / Context"
+ description: "Is your suggestion related to a gap in existing penetration testing capabilities?"
+ placeholder: "e.g., Strix struggles to analyze and attack GraphQL endpoints..."
+ - type: textarea
+ id: feature_details
+ attributes:
+ label: "Describe the Proposed Feature"
+ description: "What capability, tool integrations, or agent logic should be added?"
+ placeholder: "Add a new GraphQL schema auditor tool to Strix's agent toolkit..."
+ validations:
+ required: true
+ - type: textarea
+ id: alternatives
+ attributes:
+ label: "Describe alternatives you've considered"
+ description: "Any alternative solutions or features you've considered."
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 000000000..440eb8124
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,15 @@
+# Security Policy
+
+## Supported Versions
+
+Only the latest stable version of Strix is supported with security updates.
+
+## Reporting a Vulnerability
+
+If you discover a security vulnerability in Strix, please do **not** open a public issue. We take security seriously and want to fix exploits responsibly.
+
+Please report vulnerabilities privately by:
+- Sending an email to **hi@usestrix.com** with details of the vulnerability and reproduction steps.
+- Or utilizing GitHub's private vulnerability reporting feature on the repository.
+
+We will acknowledge your report within 48 hours and work with you to release a security patch.