Documentation Index
Fetch the complete documentation index at: https://mintlify.com/usestrix/strix/llms.txt
Use this file to discover all available pages before exploring further.
Non-interactive mode runs Strix without the TUI interface, making it ideal for automation, CI/CD pipelines, and scripting.
Overview
Enable non-interactive mode with the --non-interactive or -n flag:
strix --target https://example.com --non-interactive
Behavior
In non-interactive mode:
No TUI
- No text-based user interface is displayed
- Output is printed directly to stdout/stderr
- Suitable for terminal sessions without advanced features
Automatic Exit
- Process exits automatically when scan completes
- No manual intervention required
- Returns appropriate exit codes
Vulnerability Display
- Vulnerabilities are printed to stdout in real-time as they’re found
- Each vulnerability is displayed in a formatted panel
- Full details are also saved to output directory
Progress Indicators
- Live status panel shows scan progress
- Updates every 2 seconds
- Shows statistics: duration, agents, tools, vulnerabilities
Exit Codes
Non-interactive mode uses exit codes to indicate scan results:
Success - No vulnerabilities foundThe scan completed successfully and no security issues were discovered.strix --target example.com --non-interactive
echo $? # Output: 0
Error during executionAn error occurred that prevented the scan from completing:
- LLM connection failure
- Docker error
- Configuration error
- Unhandled exception
strix --target example.com --non-interactive
echo $? # Output: 1
Success - Vulnerabilities foundThe scan completed successfully and security vulnerabilities were discovered.This allows CI/CD pipelines to fail builds when vulnerabilities are found.strix --target example.com --non-interactive
echo $? # Output: 2
Startup Banner
When starting, you’ll see:
╔══════════════════════════════════════════╗
║ STRIX ║
║ Penetration test initiated ║
║ ║
║ Target https://example.com ║
║ Output strix_runs/example_20260301_1234║
║ ║
║ Vulnerabilities will be displayed in ║
║ real-time. ║
╚══════════════════════════════════════════╝
Progress Updates
During the scan, a live status panel updates:
╔══════════════════════════════════════════╗
║ STRIX ║
║ Penetration test in progress ║
║ ║
║ Duration 5m 23s ║
║ Active agents 2 ║
║ Tools executed 24 ║
║ Vulnerabilities 1 ║
╚══════════════════════════════════════════╝
Vulnerability Notifications
When a vulnerability is found, it’s immediately printed:
╔══════════════════════════════════════════╗
║ VULN-A3F8B2E1 ║
║ ║
║ SQL Injection in Search Endpoint ║
║ ║
║ Severity CRITICAL ║
║ CVSS 9.8 ║
║ Target https://example.com ║
║ Endpoint /api/search ║
║ Method GET ║
║ ║
║ Description ║
║ The search parameter is vulnerable to ║
║ SQL injection, allowing attackers to ║
║ extract database contents. ║
║ ║
║ Impact ║
║ Complete database compromise including ║
║ user credentials and sensitive data. ║
╚══════════════════════════════════════════╝
Completion Summary
When the scan finishes:
╔══════════════════════════════════════════╗
║ STRIX ║
║ Penetration test summary ║
║ ║
║ [Agent's natural language summary] ║
╚══════════════════════════════════════════╝
╔══════════════════════════════════════════╗
║ STRIX ║
║ Penetration test completed ║
║ ║
║ Target https://example.com ║
║ ║
║ Vulnerabilities 3 found ║
║ Duration 12m 34s ║
║ Tools executed 47 ║
║ ║
║ Output strix_runs/example_20260301_1234║
╚══════════════════════════════════════════╝
models.strix.ai · discord.gg/strix-ai
CI/CD Integration
Basic Usage
Fail the build if vulnerabilities are found:
strix --target https://example.com --non-interactive
if [ $? -eq 2 ]; then
echo "Security vulnerabilities found! Failing build."
exit 1
fi
GitHub Actions
name: Security Scan
on:
pull_request:
branches: [ main ]
push:
branches: [ main ]
jobs:
security:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v3
- name: Set up Docker
uses: docker/setup-buildx-action@v2
- name: Run Strix Security Scan
env:
STRIX_LLM: ${{ secrets.STRIX_LLM }}
LLM_API_KEY: ${{ secrets.LLM_API_KEY }}
run: |
pip install strix-agent
strix --target . --scan-mode quick --non-interactive
- name: Upload scan results
if: always()
uses: actions/upload-artifact@v3
with:
name: strix-results
path: strix_runs/
GitLab CI
security_scan:
stage: test
image: python:3.11
before_script:
- pip install strix-agent
script:
- strix --target $CI_PROJECT_DIR --scan-mode quick --non-interactive
variables:
STRIX_LLM: "openai/gpt-4"
LLM_API_KEY: $LLM_API_KEY
artifacts:
when: always
paths:
- strix_runs/
expire_in: 30 days
only:
- merge_requests
- main
Jenkins
pipeline {
agent any
environment {
STRIX_LLM = 'openai/gpt-4'
LLM_API_KEY = credentials('llm-api-key')
}
stages {
stage('Security Scan') {
steps {
sh '''
pip install strix-agent
strix --target . --scan-mode quick --non-interactive
'''
}
}
}
post {
always {
archiveArtifacts artifacts: 'strix_runs/**/*', allowEmptyArchive: true
}
failure {
echo 'Security vulnerabilities found or scan failed'
}
}
}
CircleCI
version: 2.1
jobs:
security_scan:
docker:
- image: python:3.11
steps:
- checkout
- setup_remote_docker:
version: 20.10.14
- run:
name: Install Strix
command: pip install strix-agent
- run:
name: Run Security Scan
command: strix --target . --scan-mode quick --non-interactive
environment:
STRIX_LLM: openai/gpt-4
- store_artifacts:
path: strix_runs/
destination: security-results
workflows:
version: 2
build_and_test:
jobs:
- security_scan:
context: strix-credentials
Advanced Usage
Scan Multiple Targets
strix --target ./source-code \
--target https://staging.example.com \
--target https://prod.example.com \
--non-interactive
Quick CI/CD Scan
strix --target . \
--scan-mode quick \
--instruction "Focus on new code changes" \
--non-interactive
Deep Pre-Release Audit
strix --target https://staging.example.com \
--scan-mode deep \
--instruction-file ./security-requirements.md \
--non-interactive
Capture All Output
strix --target example.com --non-interactive > scan-output.txt 2>&1
Parse JSON Results
After the scan, parse the JSON output:
strix --target example.com --non-interactive
# Check for critical vulnerabilities
jq '.[] | select(.severity == "critical")' strix_runs/*/vulnerabilities.json
# Count vulnerabilities by severity
jq 'group_by(.severity) | map({severity: .[0].severity, count: length})' strix_runs/*/vulnerabilities.json
Environment Variables
Non-interactive mode requires the same environment variables as interactive mode:
Required
export STRIX_LLM="openai/gpt-4"
Optional
export LLM_API_KEY="your-api-key-here"
export LLM_API_BASE="https://api.openai.com/v1"
export PERPLEXITY_API_KEY="your-perplexity-key"
export STRIX_REASONING_EFFORT="high"
Output Directory
Results are saved to strix_runs/<run_name>/:
strix_runs/example_20260301_123456/
├── vulnerabilities.json # Machine-readable vulnerability data
├── vulnerabilities.md # Human-readable vulnerability reports
├── scan_metadata.json # Scan configuration and metadata
├── agent_traces.json # Agent execution traces
└── tool_executions.json # Tool call history
Logging and Debugging
Standard Output
All scan information goes to stdout:
strix --target example.com --non-interactive 2>/dev/null
Error Output
Errors and warnings go to stderr:
strix --target example.com --non-interactive 2>errors.log
Capture Everything
strix --target example.com --non-interactive &> full-output.log
Comparison with Interactive Mode
| Feature | Non-Interactive | Interactive |
|---|
| TUI Display | No | Yes |
| Auto-exit | Yes | No |
| Exit code 2 for vulns | Yes | No |
| Real-time vulnerability display | Yes (stdout) | Yes (TUI panel) |
| Agent interaction | No | Yes |
| Progress updates | Live panel | Full TUI |
| CI/CD friendly | Yes | No |
| Resource usage | Lower | Higher |
| Suitable for | Automation, scripts, CI/CD | Human supervision, development |
Troubleshooting
Exit Code Always 1
Problem: Scan always exits with code 1
Possible causes:
- LLM connection failure - check API key and network
- Docker not running - start Docker daemon
- Invalid configuration - verify environment variables
- Missing required flags - ensure
--target is provided
No Output Displayed
Problem: Scan runs but produces no output
Solutions:
- Wait - LLM initialization can take 30-60 seconds
- Check that stdout isn’t being redirected unexpectedly
- Verify Docker containers are running:
docker ps
- Check logs in output directory
Scan Exits Before Completion
Problem: Scan exits early without finding vulnerabilities
Solutions:
- Check for errors in stderr:
strix ... 2>errors.log
- Verify target is accessible from Docker containers
- Review scan metadata in output directory
- Try running in interactive mode to see detailed logs
Best Practices
For CI/CD
-
Use quick scan mode for faster feedback:
strix --target . --scan-mode quick --non-interactive
-
Archive results as build artifacts for later review
-
Set reasonable timeouts in your CI configuration
-
Use specific instructions to focus on recent changes:
strix --target . --instruction "Focus on authentication module" --non-interactive
For Scripts
-
Check exit codes to handle different scenarios:
strix --target example.com --non-interactive
case $? in
0) echo "No vulnerabilities found" ;;
1) echo "Scan failed" ; exit 1 ;;
2) echo "Vulnerabilities found" ; exit 1 ;;
esac
-
Capture output for processing:
strix --target example.com --non-interactive > results.txt
-
Parse JSON reports for automation:
jq -r '.[] | "\(.severity): \(.title)"' strix_runs/*/vulnerabilities.json
See Also