--- title: "CLI Reference" description: "Command-line options for Strix" --- ## Basic Usage ```bash strix --target [options] ``` ## Options Target to test. Accepts URLs, repositories, local directories, domains, or IP addresses. Can be specified multiple times. Custom instructions for the scan. Use for credentials, focus areas, or specific testing approaches. Path to a file containing detailed instructions. Scan depth: `quick`, `standard`, or `deep`. Code scope mode: `auto` (enable PR diff-scope in CI/headless runs), `diff` (force changed-files scope), or `full` (disable diff-scope). Target branch or commit to compare against (e.g., `origin/main`). Defaults to the repository's default branch. Run in headless mode without TUI. Ideal for CI/CD. Path to a custom config file (JSON) to use instead of `~/.strix/cli-config.json`. Maximum LLM spend in USD for the whole scan, counted cumulatively across the root agent and every child agent. The budget is checked after each model response; once the running cost reaches the threshold, the scan stops cleanly with a `stopped` status (not a failure) and the sandbox is torn down. Must be greater than `0`. Omit the flag for no limit. **Limitations** - The check fires *after* a response is returned, so the final spend can slightly overshoot the limit by any calls already in flight when the threshold is crossed (most relevant with several child agents running concurrently). - Cost is a best-effort estimate derived from token usage and model pricing; providers that do not expose priced usage may under-count. ## Examples ```bash # Basic scan strix --target https://example.com # Authenticated testing strix --target https://app.com --instruction "Use credentials: user:pass" # Focused testing strix --target api.example.com --instruction "Focus on IDOR and auth bypass" # CI/CD mode strix -n --target ./ --scan-mode quick # Force diff-scope against a specific base ref strix -n --target ./ --scan-mode quick --scope-mode diff --diff-base origin/main # Multi-target white-box testing strix -t https://github.com/org/app -t https://staging.example.com ``` ## Exit Codes | Code | Meaning | |------|---------| | 0 | Scan completed, no vulnerabilities found | | 2 | Vulnerabilities found (headless mode only) |