121 lines
4.6 KiB
Plaintext
121 lines
4.6 KiB
Plaintext
---
|
|
title: "CLI Reference"
|
|
description: "Command-line options for Strix"
|
|
---
|
|
|
|
## Basic Usage
|
|
|
|
```bash
|
|
strix (--target <target> | --target-list <path> | --mount <path>) [options]
|
|
```
|
|
|
|
## Options
|
|
|
|
<ParamField path="--target, -t" type="string">
|
|
Target to test. Accepts URLs, repositories, local directories, domains, or IP addresses. Can be specified multiple times. Fresh runs require at least one target source: `--target`, `--target-list`, or `--mount`.
|
|
</ParamField>
|
|
|
|
<ParamField path="--target-list" type="string">
|
|
Path to a file containing targets, one per non-empty, non-comment line. Lines starting with `#` are ignored. Can be specified multiple times and combined with `--target`.
|
|
</ParamField>
|
|
|
|
<ParamField path="--mount" type="string">
|
|
Bind-mount a local directory into the sandbox (read-only) instead of copying it in file-by-file. Use this for large repositories that are too big to stream into the container. Can be specified multiple times.
|
|
|
|
Strix copies local `--target` directories into the sandbox one file at a time, which stalls on very large trees. When a local target exceeds the copy limit (see `STRIX_MAX_LOCAL_COPY_MB`, default 1024 MB) Strix exits early and asks you to re-run with `--mount`.
|
|
|
|
<Note>
|
|
The mount is read-only to protect your source from accidental modification. This is not a hard security boundary: a root process inside the container can remount it writable, so treat `--mount` as "scan my own code", not as isolation from untrusted code.
|
|
</Note>
|
|
|
|
<Note>
|
|
The size pre-flight only covers local directory targets. Remote repositories (cloned at scan time) are not size-checked.
|
|
</Note>
|
|
</ParamField>
|
|
|
|
<ParamField path="--instruction" type="string">
|
|
Custom instructions for the scan. Use for credentials, focus areas, or specific testing approaches.
|
|
</ParamField>
|
|
|
|
<ParamField path="--instruction-file" type="string">
|
|
Path to a file containing detailed instructions.
|
|
</ParamField>
|
|
|
|
<ParamField path="--scan-mode, -m" type="string" default="deep">
|
|
Scan depth: `quick`, `standard`, or `deep`.
|
|
</ParamField>
|
|
|
|
<ParamField path="--scope-mode" type="string" default="auto">
|
|
Code scope mode: `auto` (enable PR diff-scope in CI/headless runs), `diff` (force changed-files scope), or `full` (disable diff-scope).
|
|
</ParamField>
|
|
|
|
<ParamField path="--diff-base" type="string">
|
|
Target branch or commit to compare against (e.g., `origin/main`). Defaults to the repository's default branch.
|
|
</ParamField>
|
|
|
|
<ParamField path="--non-interactive, -n" type="boolean">
|
|
Run in headless mode without TUI. Ideal for CI/CD.
|
|
</ParamField>
|
|
|
|
<ParamField path="--config" type="string">
|
|
Path to a custom config file (JSON) to use instead of `~/.strix/cli-config.json`.
|
|
</ParamField>
|
|
|
|
<ParamField path="--max-budget-usd" type="number">
|
|
Maximum LLM spend in USD for the whole scan, counted cumulatively across the
|
|
root agent and every child agent. The budget is checked after each model
|
|
response; once the running cost reaches the threshold, the scan stops cleanly
|
|
with a `stopped` status (not a failure) and the sandbox is torn down.
|
|
|
|
Must be greater than `0`. Omit the flag for no limit.
|
|
|
|
**Limitations**
|
|
|
|
- The check fires *after* a response is returned, so the final spend can
|
|
slightly overshoot the limit by any calls already in flight when the
|
|
threshold is crossed (most relevant with several child agents running
|
|
concurrently).
|
|
- Cost is a best-effort estimate derived from token usage and model pricing;
|
|
providers that do not expose priced usage may under-count.
|
|
- For LiteLLM-routed models, Strix enables streaming success callbacks to
|
|
capture provider-reported cost. Message content remains excluded, but
|
|
third-party LiteLLM callbacks configured in the same process can receive
|
|
other streaming metadata such as model names, request IDs, and token
|
|
counts.
|
|
</ParamField>
|
|
|
|
## Examples
|
|
|
|
```bash
|
|
# Basic scan
|
|
strix --target https://example.com
|
|
|
|
# Authenticated testing
|
|
strix --target https://app.com --instruction "Use credentials: user:pass"
|
|
|
|
# Focused testing
|
|
strix --target api.example.com --instruction "Focus on IDOR and auth bypass"
|
|
|
|
# CI/CD mode
|
|
strix -n --target ./ --scan-mode quick
|
|
|
|
# Force diff-scope against a specific base ref
|
|
strix -n --target ./ --scan-mode quick --scope-mode diff --diff-base origin/main
|
|
|
|
# Multi-target white-box testing
|
|
strix -t https://github.com/org/app -t https://staging.example.com
|
|
|
|
# Targets from a file
|
|
strix --target-list ./targets.txt
|
|
|
|
# Large local repository — bind-mount instead of copying it in
|
|
strix --mount ./huge-monorepo
|
|
```
|
|
|
|
## Exit Codes
|
|
|
|
| Code | Meaning |
|
|
|------|---------|
|
|
| 0 | Scan completed, no vulnerabilities found |
|
|
| 2 | Vulnerabilities found (headless mode only) |
|