feat: Better source-aware testing (#391)

2026-03-31 14:53:49 -04:00
parent 7d5a45deaf
commit e78c931e4e
31 changed files with 2398 additions and 106 deletions
--- a/README.md
+++ b/README.md
@@ -168,11 +168,17 @@ strix --target https://your-app.com --instruction "Perform authenticated testing
 # Multi-target testing (source code + deployed app)
 strix -t https://github.com/org/app -t https://your-app.com

+# White-box source-aware scan (local repository)
+strix --target ./app-directory --scan-mode standard
+
 # Focused testing with custom instructions
 strix --target api.your-app.com --instruction "Focus on business logic flaws and IDOR vulnerabilities"

 # Provide detailed instructions through file (e.g., rules of engagement, scope, exclusions)
 strix --target api.your-app.com --instruction-file ./instruction.md
+
+# Force PR diff-scope against a specific base branch
+strix -n --target ./ --scan-mode quick --scope-mode diff --diff-base origin/main
 ```

 ### Headless Mode
@@ -198,6 +204,8 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v6
+        with:
+          fetch-depth: 0

      - name: Install Strix
        run: curl -sSL https://strix.ai/install | bash
@@ -210,6 +218,11 @@ jobs:
        run: strix -n -t ./ --scan-mode quick
 ```

+> [!TIP]
+> In CI pull request runs, Strix automatically scopes quick reviews to changed files.
+> If diff-scope cannot resolve, ensure checkout uses full history (`fetch-depth: 0`) or pass
+> `--diff-base` explicitly.
+
 ### Configuration

 ```bash