2025-12-11 19:09:10 +08:00
|
|
|
|
"""
|
|
|
|
|
|
Agent 工具集
|
feat(agent): implement comprehensive agent architecture with knowledge base and persistence layer
- Add database migrations for agent checkpoints and tree node tracking
- Implement core agent execution framework with executor, state management, and message handling
- Create knowledge base system with framework-specific modules (Django, FastAPI, Flask, Express, React, Supabase)
- Add vulnerability knowledge modules covering authentication, cryptography, injection, XSS, XXE, SSRF, path traversal, deserialization, and race conditions
- Introduce new agent tools: thinking tool, reporting tool, and agent-specific utilities
- Implement LLM memory compression and prompt caching for improved performance
- Add agent registry and persistence layer for checkpoint management
- Refactor agent implementations (analysis, recon, verification, orchestrator) with enhanced capabilities
- Remove legacy agent implementations (analysis_v2, react_agent)
- Update API endpoints for agent task creation and project management
- Add frontend components for agent task creation and enhanced audit UI
- Consolidate agent service architecture with improved separation of concerns
- This refactoring provides a scalable foundation for multi-agent collaboration with knowledge-driven decision making and state persistence
2025-12-12 15:27:12 +08:00
|
|
|
|
|
|
|
|
|
|
提供 Agent 使用的各种工具,包括:
|
|
|
|
|
|
- 基础工具(文件操作、代码搜索)
|
|
|
|
|
|
- 分析工具(模式匹配、数据流分析)
|
|
|
|
|
|
- 外部安全工具(Semgrep、Bandit等)
|
|
|
|
|
|
- 协作工具(Think、Agent通信)
|
|
|
|
|
|
- 报告工具(漏洞报告)
|
2025-12-13 12:35:03 +08:00
|
|
|
|
- 🔥 智能扫描工具(批量扫描、快速审计)
|
2025-12-11 19:09:10 +08:00
|
|
|
|
"""
|
|
|
|
|
|
|
|
|
|
|
|
from .base import AgentTool, ToolResult
|
|
|
|
|
|
from .rag_tool import RAGQueryTool, SecurityCodeSearchTool, FunctionContextTool
|
|
|
|
|
|
from .pattern_tool import PatternMatchTool
|
|
|
|
|
|
from .code_analysis_tool import CodeAnalysisTool, DataFlowAnalysisTool, VulnerabilityValidationTool
|
|
|
|
|
|
from .file_tool import FileReadTool, FileSearchTool, ListFilesTool
|
2025-12-14 17:20:54 +08:00
|
|
|
|
from .sandbox_tool import (
|
|
|
|
|
|
SandboxTool,
|
|
|
|
|
|
SandboxHttpTool,
|
|
|
|
|
|
VulnerabilityVerifyTool,
|
|
|
|
|
|
SandboxManager,
|
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
|
|
# 🔥 多语言代码测试工具
|
|
|
|
|
|
from .sandbox_language import (
|
|
|
|
|
|
PhpTestTool,
|
|
|
|
|
|
PythonTestTool,
|
|
|
|
|
|
JavaScriptTestTool,
|
|
|
|
|
|
JavaTestTool,
|
|
|
|
|
|
GoTestTool,
|
|
|
|
|
|
RubyTestTool,
|
|
|
|
|
|
ShellTestTool,
|
|
|
|
|
|
UniversalCodeTestTool,
|
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
|
|
# 🔥 漏洞验证专用工具
|
|
|
|
|
|
from .sandbox_vuln import (
|
|
|
|
|
|
CommandInjectionTestTool,
|
|
|
|
|
|
SqlInjectionTestTool,
|
|
|
|
|
|
XssTestTool,
|
|
|
|
|
|
PathTraversalTestTool,
|
|
|
|
|
|
SstiTestTool,
|
|
|
|
|
|
DeserializationTestTool,
|
|
|
|
|
|
UniversalVulnTestTool,
|
|
|
|
|
|
)
|
2025-12-11 19:09:10 +08:00
|
|
|
|
|
|
|
|
|
|
# 外部安全工具
|
|
|
|
|
|
from .external_tools import (
|
|
|
|
|
|
SemgrepTool,
|
|
|
|
|
|
BanditTool,
|
|
|
|
|
|
GitleaksTool,
|
|
|
|
|
|
NpmAuditTool,
|
|
|
|
|
|
SafetyTool,
|
|
|
|
|
|
TruffleHogTool,
|
|
|
|
|
|
OSVScannerTool,
|
|
|
|
|
|
)
|
|
|
|
|
|
|
feat(agent): implement comprehensive agent architecture with knowledge base and persistence layer
- Add database migrations for agent checkpoints and tree node tracking
- Implement core agent execution framework with executor, state management, and message handling
- Create knowledge base system with framework-specific modules (Django, FastAPI, Flask, Express, React, Supabase)
- Add vulnerability knowledge modules covering authentication, cryptography, injection, XSS, XXE, SSRF, path traversal, deserialization, and race conditions
- Introduce new agent tools: thinking tool, reporting tool, and agent-specific utilities
- Implement LLM memory compression and prompt caching for improved performance
- Add agent registry and persistence layer for checkpoint management
- Refactor agent implementations (analysis, recon, verification, orchestrator) with enhanced capabilities
- Remove legacy agent implementations (analysis_v2, react_agent)
- Update API endpoints for agent task creation and project management
- Add frontend components for agent task creation and enhanced audit UI
- Consolidate agent service architecture with improved separation of concerns
- This refactoring provides a scalable foundation for multi-agent collaboration with knowledge-driven decision making and state persistence
2025-12-12 15:27:12 +08:00
|
|
|
|
# 🔥 新增:思考和推理工具
|
|
|
|
|
|
from .thinking_tool import ThinkTool, ReflectTool
|
|
|
|
|
|
|
|
|
|
|
|
# 🔥 新增:漏洞报告工具
|
|
|
|
|
|
from .reporting_tool import CreateVulnerabilityReportTool
|
|
|
|
|
|
|
2025-12-13 12:35:03 +08:00
|
|
|
|
# 🔥 新增:扫描完成工具
|
|
|
|
|
|
from .finish_tool import FinishScanTool
|
|
|
|
|
|
|
feat(agent): implement comprehensive agent architecture with knowledge base and persistence layer
- Add database migrations for agent checkpoints and tree node tracking
- Implement core agent execution framework with executor, state management, and message handling
- Create knowledge base system with framework-specific modules (Django, FastAPI, Flask, Express, React, Supabase)
- Add vulnerability knowledge modules covering authentication, cryptography, injection, XSS, XXE, SSRF, path traversal, deserialization, and race conditions
- Introduce new agent tools: thinking tool, reporting tool, and agent-specific utilities
- Implement LLM memory compression and prompt caching for improved performance
- Add agent registry and persistence layer for checkpoint management
- Refactor agent implementations (analysis, recon, verification, orchestrator) with enhanced capabilities
- Remove legacy agent implementations (analysis_v2, react_agent)
- Update API endpoints for agent task creation and project management
- Add frontend components for agent task creation and enhanced audit UI
- Consolidate agent service architecture with improved separation of concerns
- This refactoring provides a scalable foundation for multi-agent collaboration with knowledge-driven decision making and state persistence
2025-12-12 15:27:12 +08:00
|
|
|
|
# 🔥 新增:Agent协作工具
|
|
|
|
|
|
from .agent_tools import (
|
|
|
|
|
|
CreateSubAgentTool,
|
|
|
|
|
|
SendMessageTool,
|
|
|
|
|
|
ViewAgentGraphTool,
|
|
|
|
|
|
WaitForMessageTool,
|
|
|
|
|
|
AgentFinishTool,
|
|
|
|
|
|
RunSubAgentsTool,
|
|
|
|
|
|
CollectSubAgentResultsTool,
|
|
|
|
|
|
)
|
|
|
|
|
|
|
2025-12-13 12:35:03 +08:00
|
|
|
|
# 🔥 新增:智能扫描工具
|
|
|
|
|
|
from .smart_scan_tool import SmartScanTool, QuickAuditTool
|
|
|
|
|
|
|
2025-12-15 02:00:34 +08:00
|
|
|
|
# 🔥 新增:Kunlun-M 静态代码分析工具 (MIT License)
|
|
|
|
|
|
from .kunlun_tool import KunlunMTool, KunlunRuleListTool, KunlunPluginTool
|
|
|
|
|
|
|
2025-12-11 19:09:10 +08:00
|
|
|
|
__all__ = [
|
|
|
|
|
|
# 基础
|
|
|
|
|
|
"AgentTool",
|
|
|
|
|
|
"ToolResult",
|
|
|
|
|
|
|
|
|
|
|
|
# RAG 工具
|
|
|
|
|
|
"RAGQueryTool",
|
|
|
|
|
|
"SecurityCodeSearchTool",
|
|
|
|
|
|
"FunctionContextTool",
|
|
|
|
|
|
|
|
|
|
|
|
# 代码分析
|
|
|
|
|
|
"PatternMatchTool",
|
|
|
|
|
|
"CodeAnalysisTool",
|
|
|
|
|
|
"DataFlowAnalysisTool",
|
|
|
|
|
|
"VulnerabilityValidationTool",
|
|
|
|
|
|
|
|
|
|
|
|
# 文件操作
|
|
|
|
|
|
"FileReadTool",
|
|
|
|
|
|
"FileSearchTool",
|
|
|
|
|
|
"ListFilesTool",
|
|
|
|
|
|
|
|
|
|
|
|
# 沙箱
|
|
|
|
|
|
"SandboxTool",
|
|
|
|
|
|
"SandboxHttpTool",
|
|
|
|
|
|
"VulnerabilityVerifyTool",
|
|
|
|
|
|
"SandboxManager",
|
2025-12-14 17:20:54 +08:00
|
|
|
|
|
|
|
|
|
|
# 🔥 多语言代码测试工具
|
|
|
|
|
|
"PhpTestTool",
|
|
|
|
|
|
"PythonTestTool",
|
|
|
|
|
|
"JavaScriptTestTool",
|
|
|
|
|
|
"JavaTestTool",
|
|
|
|
|
|
"GoTestTool",
|
|
|
|
|
|
"RubyTestTool",
|
|
|
|
|
|
"ShellTestTool",
|
|
|
|
|
|
"UniversalCodeTestTool",
|
|
|
|
|
|
|
|
|
|
|
|
# 🔥 漏洞验证专用工具
|
|
|
|
|
|
"CommandInjectionTestTool",
|
|
|
|
|
|
"SqlInjectionTestTool",
|
|
|
|
|
|
"XssTestTool",
|
|
|
|
|
|
"PathTraversalTestTool",
|
|
|
|
|
|
"SstiTestTool",
|
|
|
|
|
|
"DeserializationTestTool",
|
|
|
|
|
|
"UniversalVulnTestTool",
|
2025-12-11 19:09:10 +08:00
|
|
|
|
|
|
|
|
|
|
# 外部安全工具
|
|
|
|
|
|
"SemgrepTool",
|
|
|
|
|
|
"BanditTool",
|
|
|
|
|
|
"GitleaksTool",
|
|
|
|
|
|
"NpmAuditTool",
|
|
|
|
|
|
"SafetyTool",
|
|
|
|
|
|
"TruffleHogTool",
|
|
|
|
|
|
"OSVScannerTool",
|
feat(agent): implement comprehensive agent architecture with knowledge base and persistence layer
- Add database migrations for agent checkpoints and tree node tracking
- Implement core agent execution framework with executor, state management, and message handling
- Create knowledge base system with framework-specific modules (Django, FastAPI, Flask, Express, React, Supabase)
- Add vulnerability knowledge modules covering authentication, cryptography, injection, XSS, XXE, SSRF, path traversal, deserialization, and race conditions
- Introduce new agent tools: thinking tool, reporting tool, and agent-specific utilities
- Implement LLM memory compression and prompt caching for improved performance
- Add agent registry and persistence layer for checkpoint management
- Refactor agent implementations (analysis, recon, verification, orchestrator) with enhanced capabilities
- Remove legacy agent implementations (analysis_v2, react_agent)
- Update API endpoints for agent task creation and project management
- Add frontend components for agent task creation and enhanced audit UI
- Consolidate agent service architecture with improved separation of concerns
- This refactoring provides a scalable foundation for multi-agent collaboration with knowledge-driven decision making and state persistence
2025-12-12 15:27:12 +08:00
|
|
|
|
|
|
|
|
|
|
# 🔥 思考和推理工具
|
|
|
|
|
|
"ThinkTool",
|
|
|
|
|
|
"ReflectTool",
|
|
|
|
|
|
|
|
|
|
|
|
# 🔥 漏洞报告工具
|
|
|
|
|
|
"CreateVulnerabilityReportTool",
|
|
|
|
|
|
|
2025-12-13 12:35:03 +08:00
|
|
|
|
# 🔥 扫描完成工具
|
|
|
|
|
|
"FinishScanTool",
|
|
|
|
|
|
|
feat(agent): implement comprehensive agent architecture with knowledge base and persistence layer
- Add database migrations for agent checkpoints and tree node tracking
- Implement core agent execution framework with executor, state management, and message handling
- Create knowledge base system with framework-specific modules (Django, FastAPI, Flask, Express, React, Supabase)
- Add vulnerability knowledge modules covering authentication, cryptography, injection, XSS, XXE, SSRF, path traversal, deserialization, and race conditions
- Introduce new agent tools: thinking tool, reporting tool, and agent-specific utilities
- Implement LLM memory compression and prompt caching for improved performance
- Add agent registry and persistence layer for checkpoint management
- Refactor agent implementations (analysis, recon, verification, orchestrator) with enhanced capabilities
- Remove legacy agent implementations (analysis_v2, react_agent)
- Update API endpoints for agent task creation and project management
- Add frontend components for agent task creation and enhanced audit UI
- Consolidate agent service architecture with improved separation of concerns
- This refactoring provides a scalable foundation for multi-agent collaboration with knowledge-driven decision making and state persistence
2025-12-12 15:27:12 +08:00
|
|
|
|
# 🔥 Agent协作工具
|
|
|
|
|
|
"CreateSubAgentTool",
|
|
|
|
|
|
"SendMessageTool",
|
|
|
|
|
|
"ViewAgentGraphTool",
|
|
|
|
|
|
"WaitForMessageTool",
|
|
|
|
|
|
"AgentFinishTool",
|
|
|
|
|
|
"RunSubAgentsTool",
|
|
|
|
|
|
"CollectSubAgentResultsTool",
|
2025-12-13 12:35:03 +08:00
|
|
|
|
|
|
|
|
|
|
# 🔥 智能扫描工具
|
|
|
|
|
|
"SmartScanTool",
|
|
|
|
|
|
"QuickAuditTool",
|
2025-12-15 02:00:34 +08:00
|
|
|
|
|
|
|
|
|
|
# 🔥 Kunlun-M 工具 (MIT License - https://github.com/LoRexxar/Kunlun-M)
|
|
|
|
|
|
"KunlunMTool",
|
|
|
|
|
|
"KunlunRuleListTool",
|
|
|
|
|
|
"KunlunPluginTool",
|
2025-12-11 19:09:10 +08:00
|
|
|
|
]
|