--- title: "CLI Reference" description: "Command-line options for Strix" --- ## Basic Usage ```bash strix --target [options] ``` ## Options Target to test. Accepts URLs, repositories, local directories, domains, or IP addresses. Can be specified multiple times. Bind-mount a local directory into the sandbox (read-only) instead of copying it in file-by-file. Use this for large repositories that are too big to stream into the container. Can be specified multiple times. Strix copies local `--target` directories into the sandbox one file at a time, which stalls on very large trees. When a local target exceeds the copy limit (see `STRIX_MAX_LOCAL_COPY_MB`, default 1024 MB) Strix exits early and asks you to re-run with `--mount`. The mount is read-only to protect your source from accidental modification. This is not a hard security boundary: a root process inside the container can remount it writable, so treat `--mount` as "scan my own code", not as isolation from untrusted code. The size pre-flight only covers local directory targets. Remote repositories (cloned at scan time) are not size-checked. Custom instructions for the scan. Use for credentials, focus areas, or specific testing approaches. Path to a file containing detailed instructions. Scan depth: `quick`, `standard`, or `deep`. Code scope mode: `auto` (enable PR diff-scope in CI/headless runs), `diff` (force changed-files scope), or `full` (disable diff-scope). Target branch or commit to compare against (e.g., `origin/main`). Defaults to the repository's default branch. Run in headless mode without TUI. Ideal for CI/CD. Path to a custom config file (JSON) to use instead of `~/.strix/cli-config.json`. Maximum LLM spend in USD for the whole scan, counted cumulatively across the root agent and every child agent. The budget is checked after each model response; once the running cost reaches the threshold, the scan stops cleanly with a `stopped` status (not a failure) and the sandbox is torn down. Must be greater than `0`. Omit the flag for no limit. **Limitations** - The check fires *after* a response is returned, so the final spend can slightly overshoot the limit by any calls already in flight when the threshold is crossed (most relevant with several child agents running concurrently). - Cost is a best-effort estimate derived from token usage and model pricing; providers that do not expose priced usage may under-count. - For LiteLLM-routed models, Strix enables streaming success callbacks to capture provider-reported cost. Message content remains excluded, but third-party LiteLLM callbacks configured in the same process can receive other streaming metadata such as model names, request IDs, and token counts. ## Examples ```bash # Basic scan strix --target https://example.com # Authenticated testing strix --target https://app.com --instruction "Use credentials: user:pass" # Focused testing strix --target api.example.com --instruction "Focus on IDOR and auth bypass" # CI/CD mode strix -n --target ./ --scan-mode quick # Force diff-scope against a specific base ref strix -n --target ./ --scan-mode quick --scope-mode diff --diff-base origin/main # Multi-target white-box testing strix -t https://github.com/org/app -t https://staging.example.com # Large local repository — bind-mount instead of copying it in strix --mount ./huge-monorepo ``` ## Exit Codes | Code | Meaning | |------|---------| | 0 | Scan completed, no vulnerabilities found | | 2 | Vulnerabilities found (headless mode only) |