diff --git a/docs/README.md b/docs/README.md
new file mode 100644
index 0000000..cc19895
--- /dev/null
+++ b/docs/README.md
@@ -0,0 +1,10 @@
+# Strix Documentation
+
+Documentation source files for Strix, powered by [Mintlify](https://mintlify.com).
+
+## Local Preview
+
+```bash
+npm i -g mintlify
+cd docs && mintlify dev
+```
diff --git a/docs/advanced/configuration.mdx b/docs/advanced/configuration.mdx
new file mode 100644
index 0000000..c40385b
--- /dev/null
+++ b/docs/advanced/configuration.mdx
@@ -0,0 +1,88 @@
+---
+title: "Configuration"
+description: "Environment variables for Strix"
+---
+
+Configure Strix using environment variables.
+
+## LLM Configuration
+
+
+ Model name in LiteLLM format (e.g., `openai/gpt-5`, `anthropic/claude-sonnet-4-5`).
+
+
+
+ API key for your LLM provider. Not required for local models or cloud provider auth (Vertex AI, AWS Bedrock).
+
+
+
+ Custom API base URL. Also accepts `OPENAI_API_BASE`, `LITELLM_BASE_URL`, or `OLLAMA_API_BASE`.
+
+
+
+ Request timeout in seconds for LLM calls.
+
+
+
+ Delay in seconds between LLM requests for rate limiting.
+
+
+
+ Maximum concurrent LLM requests.
+
+
+
+ Control thinking effort for reasoning models. Valid values: `none`, `minimal`, `low`, `medium`, `high`, `xhigh`. Defaults to `medium` for quick scan mode.
+
+
+## Optional Features
+
+
+ API key for Perplexity AI. Enables real-time web search during scans for OSINT and vulnerability research.
+
+
+## Docker Configuration
+
+
+ Docker image to use for the sandbox container.
+
+
+
+ Docker daemon socket path. Use for remote Docker hosts or custom configurations.
+
+
+
+ Runtime backend for the sandbox environment.
+
+
+## Sandbox Configuration
+
+
+ Maximum execution time in seconds for sandbox operations.
+
+
+
+ Timeout in seconds for connecting to the sandbox container.
+
+
+
+ Disable browser tool.
+
+
+## Example Setup
+
+```bash
+# Required
+export STRIX_LLM="openai/gpt-5"
+export LLM_API_KEY="sk-..."
+
+# Optional: Enable web search
+export PERPLEXITY_API_KEY="pplx-..."
+
+# Optional: Custom timeouts
+export LLM_TIMEOUT="600"
+export STRIX_SANDBOX_EXECUTION_TIMEOUT="1000"
+
+# Optional: Use custom Docker image
+export STRIX_IMAGE="ghcr.io/usestrix/strix-sandbox:latest"
+```
diff --git a/docs/advanced/skills.mdx b/docs/advanced/skills.mdx
new file mode 100644
index 0000000..cbbcad6
--- /dev/null
+++ b/docs/advanced/skills.mdx
@@ -0,0 +1,119 @@
+---
+title: "Skills"
+description: "Specialized knowledge packages that enhance agent capabilities"
+---
+
+Skills are structured knowledge packages that give Strix agents deep expertise in specific vulnerability types, technologies, and testing methodologies.
+
+## The Idea
+
+LLMs have broad but shallow security knowledge. They know _about_ SQL injection, but lack the nuanced techniques that experienced pentesters use—parser quirks, bypass methods, validation tricks, and chain attacks.
+
+Skills inject this deep, specialized knowledge directly into the agent's context, transforming it from a generalist into a specialist for the task at hand.
+
+## How They Work
+
+When Strix spawns an agent for a specific task, it selects up to 5 relevant skills based on the context:
+
+```python
+# Agent created for JWT testing automatically loads relevant skills
+create_agent(
+ task="Test authentication mechanisms",
+ skills=["authentication_jwt", "business_logic"]
+)
+```
+
+The skills are injected into the agent's system prompt, giving it access to:
+
+- **Advanced techniques** — Non-obvious methods beyond standard testing
+- **Working payloads** — Practical examples with variations
+- **Validation methods** — How to confirm findings and avoid false positives
+
+## Skill Categories
+
+### Vulnerabilities
+
+Core vulnerability classes with deep exploitation techniques.
+
+| Skill | Coverage |
+| ------------------------------------- | ------------------------------------------------------ |
+| `authentication_jwt` | JWT attacks, algorithm confusion, claim tampering |
+| `idor` | Object reference attacks, horizontal/vertical access |
+| `sql_injection` | SQL injection variants, WAF bypasses, blind techniques |
+| `xss` | XSS types, filter bypasses, DOM exploitation |
+| `ssrf` | Server-side request forgery, protocol handlers |
+| `csrf` | Cross-site request forgery, token bypasses |
+| `xxe` | XML external entities, OOB exfiltration |
+| `rce` | Remote code execution vectors |
+| `business_logic` | Logic flaws, state manipulation, race conditions |
+| `race_conditions` | TOCTOU, parallel request attacks |
+| `path_traversal_lfi_rfi` | File inclusion, path traversal |
+| `open_redirect` | Redirect bypasses, URL parsing tricks |
+| `mass_assignment` | Attribute injection, hidden parameter pollution |
+| `insecure_file_uploads` | Upload bypasses, extension tricks |
+| `information_disclosure` | Data leakage, error-based enumeration |
+| `subdomain_takeover` | Dangling DNS, cloud resource claims |
+| `broken_function_level_authorization` | Privilege escalation, role bypasses |
+
+### Frameworks
+
+Framework-specific testing patterns.
+
+| Skill | Coverage |
+| --------- | -------------------------------------------- |
+| `fastapi` | FastAPI security patterns, Pydantic bypasses |
+| `nextjs` | Next.js SSR/SSG issues, API route security |
+
+### Technologies
+
+Third-party service and platform security.
+
+| Skill | Coverage |
+| -------------------- | ---------------------------------- |
+| `supabase` | Supabase RLS bypasses, auth issues |
+| `firebase_firestore` | Firestore rules, Firebase auth |
+
+### Protocols
+
+Protocol-specific testing techniques.
+
+| Skill | Coverage |
+| --------- | ------------------------------------------------ |
+| `graphql` | GraphQL introspection, batching, resolver issues |
+
+## Skill Structure
+
+Each skill uses XML-style tags for structure:
+
+```xml
+
+ NAME
+
+ Key insight about this vulnerability
+
+ What this skill covers
+
+ Step-by-step testing approach
+
+ How to find it
+
+ How to exploit it
+
+ How to bypass protections
+
+ How to confirm findings
+
+ What to watch out for
+
+ Additional Expert advice
+
+```
+
+## Contributing Skills
+
+Community contributions are welcome. Good skills include:
+
+1. **Real-world techniques** — Methods that work in practice
+2. **Practical payloads** — Working examples with variations
+3. **Validation steps** — How to confirm without false positives
+4. **Context awareness** — Version/environment-specific behavior
diff --git a/docs/cloud/overview.mdx b/docs/cloud/overview.mdx
new file mode 100644
index 0000000..9851a77
--- /dev/null
+++ b/docs/cloud/overview.mdx
@@ -0,0 +1,40 @@
+---
+title: "Introduction"
+description: "Managed security testing without local setup"
+---
+
+Skip the setup. Run Strix in the cloud at [app.usestrix.com](https://app.usestrix.com).
+
+## Features
+
+
+
+ No Docker, API keys, or local installation needed.
+
+
+ Detailed findings with remediation guidance.
+
+
+ Track vulnerabilities and fixes over time.
+
+
+ Automatic scans on pull requests.
+
+
+
+## What You Get
+
+- **Penetration test reports** — Validated findings with PoCs
+- **Shareable dashboards** — Collaborate with your team
+- **CI/CD integration** — Block risky changes automatically
+- **Continuous monitoring** — Catch new vulnerabilities quickly
+
+## Getting Started
+
+1. Sign up at [app.usestrix.com](https://app.usestrix.com)
+2. Connect your repository or enter a target URL
+3. Launch your first scan
+
+
+ Run your first pentest in minutes.
+
diff --git a/docs/contributing.mdx b/docs/contributing.mdx
new file mode 100644
index 0000000..830ec9b
--- /dev/null
+++ b/docs/contributing.mdx
@@ -0,0 +1,96 @@
+---
+title: "Contributing"
+description: "Contribute to Strix development"
+---
+
+## Development Setup
+
+### Prerequisites
+
+- Python 3.12+
+- Docker (running)
+- Poetry
+- Git
+
+### Local Development
+
+
+
+ ```bash
+ git clone https://github.com/usestrix/strix.git
+ cd strix
+ ```
+
+
+ ```bash
+ make setup-dev
+
+ # or manually:
+ poetry install --with=dev
+ poetry run pre-commit install
+ ```
+
+
+ ```bash
+ export STRIX_LLM="openai/gpt-5"
+ export LLM_API_KEY="your-api-key"
+ ```
+
+
+ ```bash
+ poetry run strix --target https://example.com
+ ```
+
+
+
+## Contributing Skills
+
+Skills are specialized knowledge packages that enhance agent capabilities. They live in `strix/skills/`
+
+### Creating a Skill
+
+1. Choose the right category
+2. Create a `.jinja` file with your skill content
+3. Include practical examples—working payloads, commands, test cases
+4. Provide validation methods to confirm findings
+5. Submit via PR
+
+## Contributing Code
+
+### Pull Request Process
+
+1. **Create an issue first** — Describe the problem or feature
+2. **Fork and branch** — Work from `main`
+3. **Make changes** — Follow existing code style
+4. **Write tests** — Ensure coverage for new features
+5. **Run checks** — `make check-all` should pass
+6. **Submit PR** — Link to issue and provide context
+
+### Code Style
+
+- PEP 8 with 100-character line limit
+- Type hints for all functions
+- Docstrings for public methods
+- Small, focused functions
+- Meaningful variable names
+
+## Reporting Issues
+
+Include:
+
+- Python version and OS
+- Strix version (`strix --version`)
+- LLM being used
+- Full error traceback
+- Steps to reproduce
+
+## Community
+
+
+
+ Join the community for help and discussion.
+
+
+ Report bugs and request features.
+
+
diff --git a/docs/docs.json b/docs/docs.json
new file mode 100644
index 0000000..725f418
--- /dev/null
+++ b/docs/docs.json
@@ -0,0 +1,129 @@
+{
+ "$schema": "https://mintlify.com/docs.json",
+ "theme": "maple",
+ "name": "Strix",
+ "colors": {
+ "primary": "#000000",
+ "light": "#ffffff",
+ "dark": "#000000"
+ },
+ "favicon": "/images/favicon-48.ico",
+ "navigation": {
+ "tabs": [
+ {
+ "tab": "Documentation",
+ "groups": [
+ {
+ "group": "Getting Started",
+ "pages": [
+ "index",
+ "quickstart"
+ ]
+ },
+ {
+ "group": "Usage",
+ "pages": [
+ "usage/cli",
+ "usage/scan-modes",
+ "usage/instructions"
+ ]
+ },
+ {
+ "group": "LLM Providers",
+ "pages": [
+ "llm-providers/overview",
+ "llm-providers/openai",
+ "llm-providers/anthropic",
+ "llm-providers/openrouter",
+ "llm-providers/vertex",
+ "llm-providers/bedrock",
+ "llm-providers/azure",
+ "llm-providers/local"
+ ]
+ },
+ {
+ "group": "Integrations",
+ "pages": [
+ "integrations/github-actions",
+ "integrations/ci-cd"
+ ]
+ },
+ {
+ "group": "Tools",
+ "pages": [
+ "tools/overview",
+ "tools/browser",
+ "tools/proxy",
+ "tools/terminal",
+ "tools/sandbox"
+ ]
+ },
+ {
+ "group": "Advanced",
+ "pages": [
+ "advanced/configuration",
+ "advanced/skills",
+ "contributing"
+ ]
+ }
+ ]
+ },
+ {
+ "tab": "Cloud",
+ "groups": [
+ {
+ "group": "Strix Cloud",
+ "pages": [
+ "cloud/overview"
+ ]
+ }
+ ]
+ }
+ ],
+ "global": {
+ "anchors": [
+ {
+ "anchor": "GitHub",
+ "href": "https://github.com/usestrix/strix",
+ "icon": "github"
+ },
+ {
+ "anchor": "Discord",
+ "href": "https://discord.gg/YjKFvEZSdZ",
+ "icon": "discord"
+ }
+ ]
+ }
+ },
+ "navbar": {
+ "links": [],
+ "primary": {
+ "type": "button",
+ "label": "Try Strix Cloud",
+ "href": "https://app.usestrix.com"
+ }
+ },
+ "footer": {
+ "socials": {
+ "x": "https://x.com/strix_ai",
+ "github": "https://github.com/usestrix",
+ "discord": "https://discord.gg/YjKFvEZSdZ"
+ }
+ },
+ "fonts": {
+ "family": "Geist",
+ "heading": {
+ "family": "Geist"
+ },
+ "body": {
+ "family": "Geist"
+ }
+ },
+ "appearance": {
+ "default": "dark"
+ },
+ "description": "Open-source AI Hackers to secure your Apps",
+ "background": {
+ "decoration": "grid"
+ }
+}
diff --git a/docs/images/favicon-48.ico b/docs/images/favicon-48.ico
new file mode 100644
index 0000000..64be0c4
Binary files /dev/null and b/docs/images/favicon-48.ico differ
diff --git a/docs/images/logo.png b/docs/images/logo.png
new file mode 100644
index 0000000..699eb83
Binary files /dev/null and b/docs/images/logo.png differ
diff --git a/docs/index.mdx b/docs/index.mdx
new file mode 100644
index 0000000..9b407f7
--- /dev/null
+++ b/docs/index.mdx
@@ -0,0 +1,45 @@
+---
+title: "Introduction"
+description: "Open-source AI hackers to secure your apps"
+---
+
+Strix are autonomous AI agents that act like real hackers—they run your code dynamically, find vulnerabilities, and validate them with proof-of-concepts.
+
+
+
+ Install and run your first scan in minutes.
+
+
+ Learn all command-line options.
+
+
+ Explore the security testing toolkit.
+
+
+ Integrate into your CI/CD pipeline.
+
+
+
+## Key Capabilities
+
+- **Full hacker toolkit** — Browser automation, HTTP proxy, terminal, Python runtime
+- **Real validation** — PoCs, not false positives
+- **Multi-agent orchestration** — Specialized agents collaborate on complex targets
+- **Developer-first CLI** — Interactive TUI or headless mode for automation
+
+## Vulnerability Coverage
+
+Strix can identify and validate:
+
+| Category | Examples |
+|----------|----------|
+| Access Control | IDOR, privilege escalation, auth bypass |
+| Injection | SQL, NoSQL, command injection |
+| Server-Side | SSRF, XXE, deserialization |
+| Client-Side | XSS, prototype pollution, DOM vulnerabilities |
+| Business Logic | Race conditions, workflow manipulation |
+| Authentication | JWT vulnerabilities, session management |
+
+
+Only test applications you own or have explicit permission to test.
+
diff --git a/docs/integrations/ci-cd.mdx b/docs/integrations/ci-cd.mdx
new file mode 100644
index 0000000..48213e7
--- /dev/null
+++ b/docs/integrations/ci-cd.mdx
@@ -0,0 +1,80 @@
+---
+title: "CI/CD Integration"
+description: "Run Strix in any CI/CD pipeline"
+---
+
+Strix runs in headless mode for automated pipelines.
+
+## Headless Mode
+
+Use the `-n` or `--non-interactive` flag:
+
+```bash
+strix -n --target ./app --scan-mode quick
+```
+
+## Exit Codes
+
+| Code | Meaning |
+|------|---------|
+| 0 | No vulnerabilities found |
+| 1 | Execution error |
+| 2 | Vulnerabilities found |
+
+## GitLab CI
+
+```yaml .gitlab-ci.yml
+security-scan:
+ image: docker:latest
+ services:
+ - docker:dind
+ variables:
+ STRIX_LLM: $STRIX_LLM
+ LLM_API_KEY: $LLM_API_KEY
+ script:
+ - curl -sSL https://strix.ai/install | bash
+ - strix -n -t ./ --scan-mode quick
+```
+
+## Jenkins
+
+```groovy Jenkinsfile
+pipeline {
+ agent any
+ environment {
+ STRIX_LLM = credentials('strix-llm')
+ LLM_API_KEY = credentials('llm-api-key')
+ }
+ stages {
+ stage('Security Scan') {
+ steps {
+ sh 'curl -sSL https://strix.ai/install | bash'
+ sh 'strix -n -t ./ --scan-mode quick'
+ }
+ }
+ }
+}
+```
+
+## CircleCI
+
+```yaml .circleci/config.yml
+version: 2.1
+jobs:
+ security-scan:
+ docker:
+ - image: cimg/base:current
+ steps:
+ - checkout
+ - setup_remote_docker
+ - run:
+ name: Install Strix
+ command: curl -sSL https://strix.ai/install | bash
+ - run:
+ name: Run Scan
+ command: strix -n -t ./ --scan-mode quick
+```
+
+
+All CI platforms require Docker access. Ensure your runner has Docker available.
+
diff --git a/docs/integrations/github-actions.mdx b/docs/integrations/github-actions.mdx
new file mode 100644
index 0000000..827dce0
--- /dev/null
+++ b/docs/integrations/github-actions.mdx
@@ -0,0 +1,60 @@
+---
+title: "GitHub Actions"
+description: "Run Strix security scans on every pull request"
+---
+
+Integrate Strix into your GitHub workflow to catch vulnerabilities before they reach production.
+
+## Basic Workflow
+
+```yaml .github/workflows/security.yml
+name: Security Scan
+
+on:
+ pull_request:
+
+jobs:
+ strix-scan:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+
+ - name: Install Strix
+ run: curl -sSL https://strix.ai/install | bash
+
+ - name: Run Security Scan
+ env:
+ STRIX_LLM: ${{ secrets.STRIX_LLM }}
+ LLM_API_KEY: ${{ secrets.LLM_API_KEY }}
+ run: strix -n -t ./ --scan-mode quick
+```
+
+## Required Secrets
+
+Add these secrets to your repository:
+
+| Secret | Description |
+|--------|-------------|
+| `STRIX_LLM` | Model name (e.g., `openai/gpt-5`) |
+| `LLM_API_KEY` | API key for your LLM provider |
+
+## Exit Codes
+
+The workflow fails when vulnerabilities are found:
+
+| Code | Result |
+|------|--------|
+| 0 | Pass — No vulnerabilities |
+| 2 | Fail — Vulnerabilities found |
+
+## Scan Modes for CI
+
+| Mode | Duration | Use Case |
+|------|----------|----------|
+| `quick` | Minutes | Every PR |
+| `standard` | ~30 min | Nightly builds |
+| `deep` | 1-4 hours | Release candidates |
+
+
+Use `quick` mode for PRs to keep feedback fast. Schedule `deep` scans nightly.
+
diff --git a/docs/llm-providers/anthropic.mdx b/docs/llm-providers/anthropic.mdx
new file mode 100644
index 0000000..81680a1
--- /dev/null
+++ b/docs/llm-providers/anthropic.mdx
@@ -0,0 +1,24 @@
+---
+title: "Anthropic"
+description: "Configure Strix with Claude models"
+---
+
+## Setup
+
+```bash
+export STRIX_LLM="anthropic/claude-sonnet-4-5"
+export LLM_API_KEY="sk-ant-..."
+```
+
+## Available Models
+
+| Model | Description |
+|-------|-------------|
+| `anthropic/claude-sonnet-4-5` | Best balance of intelligence and speed (recommended) |
+| `anthropic/claude-opus-4-5` | Maximum capability for deep analysis |
+
+## Get API Key
+
+1. Go to [console.anthropic.com](https://console.anthropic.com)
+2. Navigate to API Keys
+3. Create a new key
diff --git a/docs/llm-providers/azure.mdx b/docs/llm-providers/azure.mdx
new file mode 100644
index 0000000..629516d
--- /dev/null
+++ b/docs/llm-providers/azure.mdx
@@ -0,0 +1,37 @@
+---
+title: "Azure OpenAI"
+description: "Configure Strix with OpenAI models via Azure"
+---
+
+## Setup
+
+```bash
+export STRIX_LLM="azure/your-gpt5-deployment"
+export AZURE_API_KEY="your-azure-api-key"
+export AZURE_API_BASE="https://your-resource.openai.azure.com"
+export AZURE_API_VERSION="2025-11-01-preview"
+```
+
+## Configuration
+
+| Variable | Description |
+|----------|-------------|
+| `STRIX_LLM` | `azure/` |
+| `AZURE_API_KEY` | Your Azure OpenAI API key |
+| `AZURE_API_BASE` | Your Azure OpenAI endpoint URL |
+| `AZURE_API_VERSION` | API version (e.g., `2025-11-01-preview`) |
+
+## Example
+
+```bash
+export STRIX_LLM="azure/gpt-5-deployment"
+export AZURE_API_KEY="abc123..."
+export AZURE_API_BASE="https://mycompany.openai.azure.com"
+export AZURE_API_VERSION="2025-11-01-preview"
+```
+
+## Prerequisites
+
+1. Create an Azure OpenAI resource
+2. Deploy a model (e.g., GPT-5)
+3. Get the endpoint URL and API key from the Azure portal
diff --git a/docs/llm-providers/bedrock.mdx b/docs/llm-providers/bedrock.mdx
new file mode 100644
index 0000000..2189e98
--- /dev/null
+++ b/docs/llm-providers/bedrock.mdx
@@ -0,0 +1,47 @@
+---
+title: "AWS Bedrock"
+description: "Configure Strix with models via AWS Bedrock"
+---
+
+## Setup
+
+```bash
+export STRIX_LLM="bedrock/anthropic.claude-4-5-sonnet-20251022-v1:0"
+```
+
+No API key required—uses AWS credentials from environment.
+
+## Authentication
+
+### Option 1: AWS CLI Profile
+
+```bash
+export AWS_PROFILE="your-profile"
+export AWS_REGION="us-east-1"
+```
+
+### Option 2: Access Keys
+
+```bash
+export AWS_ACCESS_KEY_ID="AKIA..."
+export AWS_SECRET_ACCESS_KEY="..."
+export AWS_REGION="us-east-1"
+```
+
+### Option 3: IAM Role (EC2/ECS)
+
+Automatically uses instance role credentials.
+
+## Available Models
+
+| Model | Description |
+|-------|-------------|
+| `bedrock/anthropic.claude-4-5-sonnet-20251022-v1:0` | Claude 4.5 Sonnet |
+| `bedrock/anthropic.claude-4-5-opus-20251022-v1:0` | Claude 4.5 Opus |
+| `bedrock/anthropic.claude-4-5-haiku-20251022-v1:0` | Claude 4.5 Haiku |
+| `bedrock/amazon.titan-text-premier-v2:0` | Amazon Titan Premier v2 |
+
+## Prerequisites
+
+1. Enable model access in the AWS Bedrock console
+2. Ensure your IAM role/user has `bedrock:InvokeModel` permission
diff --git a/docs/llm-providers/local.mdx b/docs/llm-providers/local.mdx
new file mode 100644
index 0000000..8a899a5
--- /dev/null
+++ b/docs/llm-providers/local.mdx
@@ -0,0 +1,56 @@
+---
+title: "Local Models"
+description: "Run Strix with self-hosted LLMs for privacy and air-gapped testing"
+---
+
+Running Strix with local models allows for completely offline, privacy-first security assessments. Data never leaves your machine, making this ideal for sensitive internal networks or air-gapped environments.
+
+## Privacy vs Performance
+
+| Feature | Local Models | Cloud Models (GPT-5/Claude 4.5) |
+|---------|--------------|--------------------------------|
+| **Privacy** | 🔒 Data stays local | Data sent to provider |
+| **Cost** | Free (hardware only) | Pay-per-token |
+| **Reasoning** | Lower (struggles with agents) | State-of-the-art |
+| **Setup** | Complex (GPU required) | Instant |
+
+
+**Compatibility Note**: Strix relies on advanced agentic capabilities (tool use, multi-step planning, self-correction). Most local models, especially those under 70B parameters, struggle with these complex tasks.
+
+For critical assessments, we strongly recommend using state-of-the-art cloud models like **Claude 4.5 Sonnet** or **GPT-5**. Use local models only when privacy is the absolute priority.
+
+
+## Ollama
+
+[Ollama](https://ollama.ai) is the easiest way to run local models on macOS, Linux, and Windows.
+
+### Setup
+
+1. Install Ollama from [ollama.ai](https://ollama.ai)
+2. Pull a high-performance model:
+ ```bash
+ ollama pull qwen3-vl
+ ```
+3. Configure Strix:
+ ```bash
+ export STRIX_LLM="ollama/qwen3-vl"
+ export LLM_API_BASE="http://localhost:11434"
+ ```
+
+### Recommended Models
+
+We recommend these models for the best balance of reasoning and tool use:
+
+**Recommended models:**
+- **Qwen3 VL** (`ollama pull qwen3-vl`)
+- **DeepSeek V3.1** (`ollama pull deepseek-v3.1`)
+- **Devstral 2** (`ollama pull devstral-2`)
+
+## LM Studio / OpenAI Compatible
+
+If you use LM Studio, vLLM, or other runners:
+
+```bash
+export STRIX_LLM="openai/local-model"
+export LLM_API_BASE="http://localhost:1234/v1" # Adjust port as needed
+```
diff --git a/docs/llm-providers/openai.mdx b/docs/llm-providers/openai.mdx
new file mode 100644
index 0000000..77c8ea8
--- /dev/null
+++ b/docs/llm-providers/openai.mdx
@@ -0,0 +1,31 @@
+---
+title: "OpenAI"
+description: "Configure Strix with OpenAI models"
+---
+
+## Setup
+
+```bash
+export STRIX_LLM="openai/gpt-5"
+export LLM_API_KEY="sk-..."
+```
+
+## Available Models
+
+See [OpenAI Models Documentation](https://platform.openai.com/docs/models) for the full list of available models.
+
+## Get API Key
+
+1. Go to [platform.openai.com](https://platform.openai.com)
+2. Navigate to API Keys
+3. Create a new secret key
+
+## Custom Base URL
+
+For OpenAI-compatible APIs:
+
+```bash
+export STRIX_LLM="openai/gpt-5"
+export LLM_API_KEY="your-key"
+export LLM_API_BASE="https://your-proxy.com/v1"
+```
diff --git a/docs/llm-providers/openrouter.mdx b/docs/llm-providers/openrouter.mdx
new file mode 100644
index 0000000..31919c1
--- /dev/null
+++ b/docs/llm-providers/openrouter.mdx
@@ -0,0 +1,37 @@
+---
+title: "OpenRouter"
+description: "Configure Strix with models via OpenRouter"
+---
+
+[OpenRouter](https://openrouter.ai) provides access to 100+ models from multiple providers through a single API.
+
+## Setup
+
+```bash
+export STRIX_LLM="openrouter/openai/gpt-5"
+export LLM_API_KEY="sk-or-..."
+```
+
+## Available Models
+
+Access any model on OpenRouter using the format `openrouter//`:
+
+| Model | Configuration |
+|-------|---------------|
+| GPT-5 | `openrouter/openai/gpt-5` |
+| Claude 4.5 Sonnet | `openrouter/anthropic/claude-sonnet-4.5` |
+| Gemini 3 Pro | `openrouter/google/gemini-3-pro-preview` |
+| GLM-4.7 | `openrouter/z-ai/glm-4.7` |
+
+## Get API Key
+
+1. Go to [openrouter.ai](https://openrouter.ai)
+2. Sign in and navigate to Keys
+3. Create a new API key
+
+## Benefits
+
+- **Single API** — Access models from OpenAI, Anthropic, Google, Meta, and more
+- **Fallback routing** — Automatic failover between providers
+- **Cost tracking** — Monitor usage across all models
+- **Higher rate limits** — OpenRouter handles provider limits for you
diff --git a/docs/llm-providers/overview.mdx b/docs/llm-providers/overview.mdx
new file mode 100644
index 0000000..9027aac
--- /dev/null
+++ b/docs/llm-providers/overview.mdx
@@ -0,0 +1,61 @@
+---
+title: "Overview"
+description: "Configure your AI model for Strix"
+---
+
+Strix uses [LiteLLM](https://docs.litellm.ai/docs/providers) for model compatibility, supporting 100+ LLM providers.
+
+## Recommended Models
+
+For best results, use one of these models:
+
+| Model | Provider | Configuration |
+| ----------------- | ------------- | -------------------------------- |
+| GPT-5 | OpenAI | `openai/gpt-5` |
+| Claude 4.5 Sonnet | Anthropic | `anthropic/claude-sonnet-4-5` |
+| Gemini 3 Pro | Google Vertex | `vertex_ai/gemini-3-pro-preview` |
+
+## Quick Setup
+
+```bash
+export STRIX_LLM="openai/gpt-5"
+export LLM_API_KEY="your-api-key"
+```
+
+## Provider Guides
+
+
+
+ GPT-5 and Codex models.
+
+
+ Claude 4.5 Sonnet, Opus, and Haiku.
+
+
+ Access 100+ models through a single API.
+
+
+ Gemini 3 models via Google Cloud.
+
+
+ Claude 4.5 and Titan models via AWS.
+
+
+ GPT-5 via Azure.
+
+
+ Llama 4, Mistral, and self-hosted models.
+
+
+
+## Model Format
+
+Use LiteLLM's `provider/model-name` format:
+
+```
+openai/gpt-5
+anthropic/claude-sonnet-4-5
+vertex_ai/gemini-3-pro-preview
+bedrock/anthropic.claude-4-5-sonnet-20251022-v1:0
+ollama/llama4
+```
diff --git a/docs/llm-providers/vertex.mdx b/docs/llm-providers/vertex.mdx
new file mode 100644
index 0000000..18c6ecc
--- /dev/null
+++ b/docs/llm-providers/vertex.mdx
@@ -0,0 +1,53 @@
+---
+title: "Google Vertex AI"
+description: "Configure Strix with Gemini models via Google Cloud"
+---
+
+## Installation
+
+Vertex AI requires the Google Cloud dependency. Install Strix with the vertex extra:
+
+```bash
+pipx install "strix-agent[vertex]"
+```
+
+## Setup
+
+```bash
+export STRIX_LLM="vertex_ai/gemini-3-pro-preview"
+```
+
+No API key required—uses Google Cloud Application Default Credentials.
+
+## Authentication
+
+### Option 1: gcloud CLI
+
+```bash
+gcloud auth application-default login
+```
+
+### Option 2: Service Account
+
+```bash
+export GOOGLE_APPLICATION_CREDENTIALS="/path/to/service-account.json"
+```
+
+## Available Models
+
+| Model | Description |
+|-------|-------------|
+| `vertex_ai/gemini-3-pro-preview` | Best overall performance for security testing |
+| `vertex_ai/gemini-3-flash-preview` | Faster and cheaper |
+
+## Project Configuration
+
+```bash
+export VERTEXAI_PROJECT="your-project-id"
+export VERTEXAI_LOCATION="us-central1"
+```
+
+## Prerequisites
+
+1. Enable the Vertex AI API in your Google Cloud project
+2. Ensure your account has the `Vertex AI User` role
diff --git a/docs/logo/strix.png b/docs/logo/strix.png
new file mode 100644
index 0000000..699eb83
Binary files /dev/null and b/docs/logo/strix.png differ
diff --git a/docs/quickstart.mdx b/docs/quickstart.mdx
new file mode 100644
index 0000000..487caae
--- /dev/null
+++ b/docs/quickstart.mdx
@@ -0,0 +1,76 @@
+---
+title: "Quick Start"
+description: "Install Strix and run your first security scan"
+---
+
+## Prerequisites
+
+- Docker (running)
+- An LLM provider API key (OpenAI, Anthropic, or local model)
+
+## Installation
+
+
+
+ ```bash
+ curl -sSL https://strix.ai/install | bash
+ ```
+
+
+ ```bash
+ pipx install strix-agent
+ ```
+
+
+
+## Configuration
+
+Set your LLM provider:
+
+```bash
+export STRIX_LLM="openai/gpt-5"
+export LLM_API_KEY="your-api-key"
+```
+
+
+For best results, use `openai/gpt-5`, `anthropic/claude-sonnet-4-5`, or `vertex_ai/gemini-3-pro-preview`.
+
+
+## Run Your First Scan
+
+```bash
+strix --target ./your-app
+```
+
+
+First run pulls the Docker sandbox image automatically. Results are saved to `strix_runs/`.
+
+
+## Target Types
+
+Strix accepts multiple target types:
+
+```bash
+# Local codebase
+strix --target ./app-directory
+
+# GitHub repository
+strix --target https://github.com/org/repo
+
+# Live web application
+strix --target https://your-app.com
+
+# Multiple targets (white-box testing)
+strix -t https://github.com/org/repo -t https://your-app.com
+```
+
+## Next Steps
+
+
+
+ Explore all command-line options.
+
+
+ Choose the right scan depth.
+
+
diff --git a/docs/tools/browser.mdx b/docs/tools/browser.mdx
new file mode 100644
index 0000000..7220d9c
--- /dev/null
+++ b/docs/tools/browser.mdx
@@ -0,0 +1,34 @@
+---
+title: "Browser"
+description: "Playwright-powered Chrome for web application testing"
+---
+
+Strix uses a headless Chrome browser via Playwright to interact with web applications exactly like a real user would.
+
+## How It Works
+
+All browser traffic is automatically routed through the Caido proxy, giving Strix full visibility into every request and response. This enables:
+
+- Testing client-side vulnerabilities (XSS, DOM manipulation)
+- Navigating authenticated flows (login, OAuth, MFA)
+- Triggering JavaScript-heavy functionality
+- Capturing dynamically generated requests
+
+## Capabilities
+
+| Action | Description |
+| ---------- | ------------------------------------------- |
+| Navigate | Go to URLs, follow links, handle redirects |
+| Click | Interact with buttons, links, form elements |
+| Type | Fill in forms, search boxes, input fields |
+| Execute JS | Run custom JavaScript in the page context |
+| Screenshot | Capture visual state for reports |
+| Multi-tab | Test across multiple browser tabs |
+
+## Example Flow
+
+1. Agent launches browser and navigates to login page
+2. Fills in credentials and submits form
+3. Proxy captures the authentication request
+4. Agent navigates to protected areas
+5. Tests for IDOR by replaying requests with modified IDs
diff --git a/docs/tools/overview.mdx b/docs/tools/overview.mdx
new file mode 100644
index 0000000..4a5db0a
--- /dev/null
+++ b/docs/tools/overview.mdx
@@ -0,0 +1,33 @@
+---
+title: "Agent Tools"
+description: "How Strix agents interact with targets"
+---
+
+Strix agents use specialized tools to test your applications like a real penetration tester would.
+
+## Core Tools
+
+
+
+ Playwright-powered Chrome for interacting with web UIs.
+
+
+ Caido-powered proxy for intercepting and replaying requests.
+
+
+ Bash shell for running commands and security tools.
+
+
+ Pre-installed security tools: Nuclei, ffuf, and more.
+
+
+
+## Additional Tools
+
+| Tool | Purpose |
+| -------------- | ---------------------------------------- |
+| Python Runtime | Write and execute custom exploit scripts |
+| File Editor | Read and modify source code |
+| Web Search | Real-time OSINT via Perplexity |
+| Notes | Document findings during the scan |
+| Reporting | Generate vulnerability reports with PoCs |
diff --git a/docs/tools/proxy.mdx b/docs/tools/proxy.mdx
new file mode 100644
index 0000000..f870bad
--- /dev/null
+++ b/docs/tools/proxy.mdx
@@ -0,0 +1,90 @@
+---
+title: "HTTP Proxy"
+description: "Caido-powered proxy for request interception and replay"
+---
+
+Strix includes [Caido](https://caido.io), a modern HTTP proxy built for security testing. All browser traffic flows through Caido, giving the agent full control over requests and responses.
+
+## Capabilities
+
+| Feature | Description |
+| ---------------- | -------------------------------------------- |
+| Request Capture | Log all HTTP/HTTPS traffic automatically |
+| Request Replay | Repeat any request with modifications |
+| HTTPQL | Query captured traffic with powerful filters |
+| Scope Management | Focus on specific domains or paths |
+| Sitemap | Visualize the discovered attack surface |
+
+## HTTPQL Filtering
+
+Query captured requests using Caido's HTTPQL syntax
+
+## Request Replay
+
+The agent can take any captured request and replay it with modifications:
+
+- Change path parameters (test for IDOR)
+- Modify request body (test for injection)
+- Add/remove headers (test for auth bypass)
+- Alter cookies (test for session issues)
+
+## Python Integration
+
+All proxy functions are automatically available in Python sessions. This enables powerful scripted security testing:
+
+```python
+# List recent POST requests
+post_requests = list_requests(
+ httpql_filter='req.method.eq:"POST"',
+ page_size=20
+)
+
+# View a specific request
+request_details = view_request("req_123", part="request")
+
+# Replay with modified payload
+response = repeat_request("req_123", {
+ "body": '{"user_id": "admin"}'
+})
+print(f"Status: {response['status_code']}")
+```
+
+### Available Functions
+
+| Function | Description |
+| ---------------------- | ------------------------------------------ |
+| `list_requests()` | Query captured traffic with HTTPQL filters |
+| `view_request()` | Get full request/response details |
+| `repeat_request()` | Replay a request with modifications |
+| `send_request()` | Send a new HTTP request |
+| `scope_rules()` | Manage proxy scope (allowlist/denylist) |
+| `list_sitemap()` | View discovered endpoints |
+| `view_sitemap_entry()` | Get details for a sitemap entry |
+
+### Example: Automated IDOR Testing
+
+```python
+# Get all requests to user endpoints
+user_requests = list_requests(
+ httpql_filter='req.path.cont:"/users/"'
+)
+
+for req in user_requests.get('requests', []):
+ # Try accessing with different user IDs
+ for test_id in ['1', '2', 'admin', '../admin']:
+ response = repeat_request(req['id'], {
+ 'url': req['path'].replace('/users/1', f'/users/{test_id}')
+ })
+
+ if response['status_code'] == 200:
+ print(f"Potential IDOR: {test_id} returned 200")
+```
+
+## Scope
+
+Create scopes to filter traffic to relevant domains:
+
+```
+Allowlist: ["api.example.com", "*.example.com"]
+Denylist: ["*.gif", "*.jpg", "*.png", "*.css", "*.js"]
+```
diff --git a/docs/tools/sandbox.mdx b/docs/tools/sandbox.mdx
new file mode 100644
index 0000000..c9043b9
--- /dev/null
+++ b/docs/tools/sandbox.mdx
@@ -0,0 +1,83 @@
+---
+title: "Sandbox Tools"
+description: "Pre-installed security tools in the Strix container"
+---
+
+Strix runs inside a Kali Linux-based Docker container with a comprehensive set of security tools pre-installed. The agent can use any of these tools through the [terminal](/tools/terminal).
+
+## Reconnaissance
+
+| Tool | Description |
+| ---------------------------------------------------------- | -------------------------------------- |
+| [Subfinder](https://github.com/projectdiscovery/subfinder) | Subdomain discovery |
+| [Naabu](https://github.com/projectdiscovery/naabu) | Fast port scanner |
+| [httpx](https://github.com/projectdiscovery/httpx) | HTTP probing and analysis |
+| [Katana](https://github.com/projectdiscovery/katana) | Web crawling and spidering |
+| [ffuf](https://github.com/ffuf/ffuf) | Fast web fuzzer |
+| [Nmap](https://nmap.org) | Network scanning and service detection |
+
+## Web Testing
+
+| Tool | Description |
+| ------------------------------------------------------ | -------------------------------- |
+| [Arjun](https://github.com/s0md3v/Arjun) | HTTP parameter discovery |
+| [Dirsearch](https://github.com/maurosoria/dirsearch) | Directory and file brute-forcing |
+| [wafw00f](https://github.com/EnableSecurity/wafw00f) | WAF fingerprinting |
+| [GoSpider](https://github.com/jaeles-project/gospider) | Web spider for link extraction |
+
+## Automated Scanners
+
+| Tool | Description |
+| ---------------------------------------------------- | -------------------------------------------------- |
+| [Nuclei](https://github.com/projectdiscovery/nuclei) | Template-based vulnerability scanner |
+| [SQLMap](https://sqlmap.org) | Automatic SQL injection detection and exploitation |
+| [Wapiti](https://wapiti-scanner.github.io) | Web application vulnerability scanner |
+| [ZAP](https://zaproxy.org) | OWASP Zed Attack Proxy |
+
+## JavaScript Analysis
+
+| Tool | Description |
+| -------------------------------------------------------- | ------------------------------ |
+| [JS-Snooper](https://github.com/aravind0x7/JS-Snooper) | JavaScript reconnaissance |
+| [jsniper](https://github.com/xchopath/jsniper.sh) | JavaScript file analysis |
+| [Retire.js](https://retirejs.github.io/retire.js) | Detect vulnerable JS libraries |
+| [ESLint](https://eslint.org) | JavaScript static analysis |
+| [js-beautify](https://github.com/beautifier/js-beautify) | JavaScript deobfuscation |
+| [JSHint](https://jshint.com) | JavaScript code quality tool |
+
+## Secret Detection
+
+| Tool | Description |
+| ----------------------------------------------------------- | ------------------------------------- |
+| [TruffleHog](https://github.com/trufflesecurity/trufflehog) | Find secrets in code and history |
+| [Semgrep](https://github.com/semgrep/semgrep) | Static analysis for security patterns |
+| [Bandit](https://bandit.readthedocs.io) | Python security linter |
+
+## Authentication Testing
+
+| Tool | Description |
+| ------------------------------------------------------------ | ---------------------------------- |
+| [jwt_tool](https://github.com/ticarpi/jwt_tool) | JWT token testing and exploitation |
+| [Interactsh](https://github.com/projectdiscovery/interactsh) | Out-of-band interaction detection |
+
+## Container & Supply Chain
+
+| Tool | Description |
+| -------------------------- | ---------------------------------------------- |
+| [Trivy](https://trivy.dev) | Container and dependency vulnerability scanner |
+
+## HTTP Proxy
+
+| Tool | Description |
+| ------------------------- | --------------------------------------------- |
+| [Caido](https://caido.io) | Modern HTTP proxy for interception and replay |
+
+## Browser
+
+| Tool | Description |
+| ------------------------------------ | --------------------------- |
+| [Playwright](https://playwright.dev) | Headless browser automation |
+
+
+ All tools are pre-configured and ready to use. The agent selects the appropriate tool based on the vulnerability being tested.
+
diff --git a/docs/tools/terminal.mdx b/docs/tools/terminal.mdx
new file mode 100644
index 0000000..4b28bc7
--- /dev/null
+++ b/docs/tools/terminal.mdx
@@ -0,0 +1,61 @@
+---
+title: "Terminal"
+description: "Bash shell for running commands and security tools"
+---
+
+Strix has access to a persistent bash terminal running inside the Docker sandbox. This gives the agent access to all [pre-installed security tools](/tools/sandbox).
+
+## Capabilities
+
+| Feature | Description |
+| ----------------- | ---------------------------------------------------------- |
+| Persistent state | Working directory and environment persist between commands |
+| Multiple sessions | Run parallel terminals for concurrent operations |
+| Background jobs | Start long-running processes without blocking |
+| Interactive | Respond to prompts and control running processes |
+
+## Common Uses
+
+### Running Security Tools
+
+```bash
+# Subdomain enumeration
+subfinder -d example.com
+
+# Vulnerability scanning
+nuclei -u https://example.com
+
+# SQL injection testing
+sqlmap -u "https://example.com/page?id=1"
+```
+
+### Code Analysis
+
+```bash
+# Search for secrets
+trufflehog filesystem ./
+
+# Static analysis
+semgrep --config auto ./src
+
+# Grep for patterns
+grep -r "password" ./
+```
+
+### Custom Scripts
+
+```bash
+# Run Python exploits
+python3 exploit.py
+
+# Execute shell scripts
+./test_auth_bypass.sh
+```
+
+## Session Management
+
+The agent can run multiple terminal sessions concurrently, for example:
+
+- Main session for primary testing
+- Secondary session for monitoring
+- Background processes for servers or watchers
diff --git a/docs/usage/cli.mdx b/docs/usage/cli.mdx
new file mode 100644
index 0000000..75d935c
--- /dev/null
+++ b/docs/usage/cli.mdx
@@ -0,0 +1,58 @@
+---
+title: "CLI Reference"
+description: "Command-line options for Strix"
+---
+
+## Basic Usage
+
+```bash
+strix --target [options]
+```
+
+## Options
+
+
+ Target to test. Accepts URLs, repositories, local directories, domains, or IP addresses. Can be specified multiple times.
+
+
+
+ Custom instructions for the scan. Use for credentials, focus areas, or specific testing approaches.
+
+
+
+ Path to a file containing detailed instructions.
+
+
+
+ Scan depth: `quick`, `standard`, or `deep`.
+
+
+
+ Run in headless mode without TUI. Ideal for CI/CD.
+
+
+## Examples
+
+```bash
+# Basic scan
+strix --target https://example.com
+
+# Authenticated testing
+strix --target https://app.com --instruction "Use credentials: user:pass"
+
+# Focused testing
+strix --target api.example.com --instruction "Focus on IDOR and auth bypass"
+
+# CI/CD mode
+strix -n --target ./ --scan-mode quick
+
+# Multi-target white-box testing
+strix -t https://github.com/org/app -t https://staging.example.com
+```
+
+## Exit Codes
+
+| Code | Meaning |
+|------|---------|
+| 0 | Scan completed, no vulnerabilities found |
+| 2 | Vulnerabilities found (headless mode only) |
diff --git a/docs/usage/instructions.mdx b/docs/usage/instructions.mdx
new file mode 100644
index 0000000..daac24b
--- /dev/null
+++ b/docs/usage/instructions.mdx
@@ -0,0 +1,73 @@
+---
+title: "Custom Instructions"
+description: "Guide Strix with custom testing instructions"
+---
+
+Use instructions to provide context, credentials, or focus areas for your scan.
+
+## Inline Instructions
+
+```bash
+strix --target https://app.com --instruction "Focus on authentication vulnerabilities"
+```
+
+## File-Based Instructions
+
+For complex instructions, use a file:
+
+```bash
+strix --target https://app.com --instruction-file ./pentest-instructions.md
+```
+
+## Common Use Cases
+
+### Authenticated Testing
+
+```bash
+strix --target https://app.com \
+ --instruction "Login with email: test@example.com, password: TestPass123"
+```
+
+### Focused Scope
+
+```bash
+strix --target https://api.example.com \
+ --instruction "Focus on IDOR vulnerabilities in the /api/users endpoints"
+```
+
+### Exclusions
+
+```bash
+strix --target https://app.com \
+ --instruction "Do not test /admin or /internal endpoints"
+```
+
+### API Testing
+
+```bash
+strix --target https://api.example.com \
+ --instruction "Use API key header: X-API-Key: abc123. Focus on rate limiting bypass."
+```
+
+## Instruction File Example
+
+```markdown instructions.md
+# Penetration Test Instructions
+
+## Credentials
+- Admin: admin@example.com / AdminPass123
+- User: user@example.com / UserPass123
+
+## Focus Areas
+1. IDOR in user profile endpoints
+2. Privilege escalation between roles
+3. JWT token manipulation
+
+## Out of Scope
+- /health endpoints
+- Third-party integrations
+```
+
+
+Be specific. Good instructions help Strix prioritize the most valuable attack paths.
+
diff --git a/docs/usage/scan-modes.mdx b/docs/usage/scan-modes.mdx
new file mode 100644
index 0000000..73ed84d
--- /dev/null
+++ b/docs/usage/scan-modes.mdx
@@ -0,0 +1,58 @@
+---
+title: "Scan Modes"
+description: "Choose the right scan depth for your use case"
+---
+
+Strix offers three scan modes to balance speed and thoroughness.
+
+## Quick
+
+```bash
+strix --target ./app --scan-mode quick
+```
+
+Fast checks for obvious vulnerabilities. Best for:
+- CI/CD pipelines
+- Pull request validation
+- Rapid smoke tests
+
+**Duration**: Minutes
+
+## Standard
+
+```bash
+strix --target ./app --scan-mode standard
+```
+
+Balanced testing for routine security reviews. Best for:
+- Regular security assessments
+- Pre-release validation
+- Development milestones
+
+**Duration**: 30 minutes to 1 hour
+
+## Deep
+
+```bash
+strix --target ./app --scan-mode deep
+```
+
+Thorough penetration testing. Best for:
+- Comprehensive security audits
+- Pre-production reviews
+- Critical application assessments
+
+**Duration**: 1-4 hours depending on target complexity
+
+
+Deep mode is the default. It explores edge cases, chained vulnerabilities, and complex attack paths.
+
+
+## Choosing a Mode
+
+| Scenario | Recommended Mode |
+|----------|------------------|
+| Every PR | Quick |
+| Weekly scans | Standard |
+| Before major release | Deep |
+| Bug bounty hunting | Deep |