docs: add documentation to main repository

docs/advanced/configuration.mdx

@@ -0,0 +1,88 @@
+---
+title: "Configuration"
+description: "Environment variables for Strix"
+---
+
+Configure Strix using environment variables.
+
+## LLM Configuration
+
+<ParamField path="STRIX_LLM" type="string" required>
+  Model name in LiteLLM format (e.g., `openai/gpt-5`, `anthropic/claude-sonnet-4-5`).
+</ParamField>
+
+<ParamField path="LLM_API_KEY" type="string">
+  API key for your LLM provider. Not required for local models or cloud provider auth (Vertex AI, AWS Bedrock).
+</ParamField>
+
+<ParamField path="LLM_API_BASE" type="string">
+  Custom API base URL. Also accepts `OPENAI_API_BASE`, `LITELLM_BASE_URL`, or `OLLAMA_API_BASE`.
+</ParamField>
+
+<ParamField path="LLM_TIMEOUT" default="300" type="integer">
+  Request timeout in seconds for LLM calls.
+</ParamField>
+
+<ParamField path="LLM_RATE_LIMIT_DELAY" type="float">
+  Delay in seconds between LLM requests for rate limiting.
+</ParamField>
+
+<ParamField path="LLM_RATE_LIMIT_CONCURRENT" type="integer">
+  Maximum concurrent LLM requests.
+</ParamField>
+
+<ParamField path="STRIX_REASONING_EFFORT" default="high" type="string">
+  Control thinking effort for reasoning models. Valid values: `none`, `minimal`, `low`, `medium`, `high`, `xhigh`. Defaults to `medium` for quick scan mode.
+</ParamField>
+
+## Optional Features
+
+<ParamField path="PERPLEXITY_API_KEY" type="string">
+  API key for Perplexity AI. Enables real-time web search during scans for OSINT and vulnerability research.
+</ParamField>
+
+## Docker Configuration
+
+<ParamField path="STRIX_IMAGE" default="ghcr.io/usestrix/strix-sandbox:0.1.10" type="string">
+  Docker image to use for the sandbox container.
+</ParamField>
+
+<ParamField path="DOCKER_HOST" type="string">
+  Docker daemon socket path. Use for remote Docker hosts or custom configurations.
+</ParamField>
+
+<ParamField path="STRIX_RUNTIME_BACKEND" default="docker" type="string">
+  Runtime backend for the sandbox environment.
+</ParamField>
+
+## Sandbox Configuration
+
+<ParamField path="STRIX_SANDBOX_EXECUTION_TIMEOUT" default="500" type="float">
+  Maximum execution time in seconds for sandbox operations.
+</ParamField>
+
+<ParamField path="STRIX_SANDBOX_CONNECT_TIMEOUT" default="10" type="float">
+  Timeout in seconds for connecting to the sandbox container.
+</ParamField>
+
+<ParamField path="STRIX_DISABLE_BROWSER" default="false" type="boolean">
+  Disable browser tool.
+</ParamField>
+
+## Example Setup
+
+```bash
+# Required
+export STRIX_LLM="openai/gpt-5"
+export LLM_API_KEY="sk-..."
+
+# Optional: Enable web search
+export PERPLEXITY_API_KEY="pplx-..."
+
+# Optional: Custom timeouts
+export LLM_TIMEOUT="600"
+export STRIX_SANDBOX_EXECUTION_TIMEOUT="1000"
+
+# Optional: Use custom Docker image
+export STRIX_IMAGE="ghcr.io/usestrix/strix-sandbox:latest"
+```

docs/advanced/skills.mdx

@@ -0,0 +1,119 @@
+---
+title: "Skills"
+description: "Specialized knowledge packages that enhance agent capabilities"
+---
+
+Skills are structured knowledge packages that give Strix agents deep expertise in specific vulnerability types, technologies, and testing methodologies.
+
+## The Idea
+
+LLMs have broad but shallow security knowledge. They know _about_ SQL injection, but lack the nuanced techniques that experienced pentesters use—parser quirks, bypass methods, validation tricks, and chain attacks.
+
+Skills inject this deep, specialized knowledge directly into the agent's context, transforming it from a generalist into a specialist for the task at hand.
+
+## How They Work
+
+When Strix spawns an agent for a specific task, it selects up to 5 relevant skills based on the context:
+
+```python
+# Agent created for JWT testing automatically loads relevant skills
+create_agent(
+    task="Test authentication mechanisms",
+    skills=["authentication_jwt", "business_logic"]
+)
+```
+
+The skills are injected into the agent's system prompt, giving it access to:
+
+- **Advanced techniques** — Non-obvious methods beyond standard testing
+- **Working payloads** — Practical examples with variations
+- **Validation methods** — How to confirm findings and avoid false positives
+
+## Skill Categories
+
+### Vulnerabilities
+
+Core vulnerability classes with deep exploitation techniques.
+
+| Skill                                 | Coverage                                               |
+| ------------------------------------- | ------------------------------------------------------ |
+| `authentication_jwt`                  | JWT attacks, algorithm confusion, claim tampering      |
+| `idor`                                | Object reference attacks, horizontal/vertical access   |
+| `sql_injection`                       | SQL injection variants, WAF bypasses, blind techniques |
+| `xss`                                 | XSS types, filter bypasses, DOM exploitation           |
+| `ssrf`                                | Server-side request forgery, protocol handlers         |
+| `csrf`                                | Cross-site request forgery, token bypasses             |
+| `xxe`                                 | XML external entities, OOB exfiltration                |
+| `rce`                                 | Remote code execution vectors                          |
+| `business_logic`                      | Logic flaws, state manipulation, race conditions       |
+| `race_conditions`                     | TOCTOU, parallel request attacks                       |
+| `path_traversal_lfi_rfi`              | File inclusion, path traversal                         |
+| `open_redirect`                       | Redirect bypasses, URL parsing tricks                  |
+| `mass_assignment`                     | Attribute injection, hidden parameter pollution        |
+| `insecure_file_uploads`               | Upload bypasses, extension tricks                      |
+| `information_disclosure`              | Data leakage, error-based enumeration                  |
+| `subdomain_takeover`                  | Dangling DNS, cloud resource claims                    |
+| `broken_function_level_authorization` | Privilege escalation, role bypasses                    |
+
+### Frameworks
+
+Framework-specific testing patterns.
+
+| Skill     | Coverage                                     |
+| --------- | -------------------------------------------- |
+| `fastapi` | FastAPI security patterns, Pydantic bypasses |
+| `nextjs`  | Next.js SSR/SSG issues, API route security   |
+
+### Technologies
+
+Third-party service and platform security.
+
+| Skill                | Coverage                           |
+| -------------------- | ---------------------------------- |
+| `supabase`           | Supabase RLS bypasses, auth issues |
+| `firebase_firestore` | Firestore rules, Firebase auth     |
+
+### Protocols
+
+Protocol-specific testing techniques.
+
+| Skill     | Coverage                                         |
+| --------- | ------------------------------------------------ |
+| `graphql` | GraphQL introspection, batching, resolver issues |
+
+## Skill Structure
+
+Each skill uses XML-style tags for structure:
+
+```xml
+<vulnerability_guide>
+  <title>NAME</title>
+
+  <critical>Key insight about this vulnerability</critical>
+
+  <scope>What this skill covers</scope>
+
+  <methodology>Step-by-step testing approach</methodology>
+
+  <discovery_techniques>How to find it</discovery_techniques>
+
+  <exploitation_techniques>How to exploit it</exploitation_techniques>
+
+  <bypass_techniques>How to bypass protections</bypass_techniques>
+
+  <validation>How to confirm findings</validation>
+
+  <false_positives>What to watch out for</false_positives>
+
+  <pro_tips>Additional Expert advice</pro_tips>
+</vulnerability_guide>
+```
+
+## Contributing Skills
+
+Community contributions are welcome. Good skills include:
+
+1. **Real-world techniques** — Methods that work in practice
+2. **Practical payloads** — Working examples with variations
+3. **Validation steps** — How to confirm without false positives
+4. **Context awareness** — Version/environment-specific behavior