feat: Better source-aware testing (#391)

2026-03-31 14:53:49 -04:00
parent 7d5a45deaf
commit e78c931e4e
31 changed files with 2398 additions and 106 deletions
--- a/docs/usage/cli.mdx
+++ b/docs/usage/cli.mdx
@@ -27,6 +27,14 @@ strix --target <target> [options]
  Scan depth: `quick`, `standard`, or `deep`.
 </ParamField>

+<ParamField path="--scope-mode" type="string" default="auto">
+  Code scope mode: `auto` (enable PR diff-scope in CI/headless runs), `diff` (force changed-files scope), or `full` (disable diff-scope).
+</ParamField>
+
+<ParamField path="--diff-base" type="string">
+  Target branch or commit to compare against (e.g., `origin/main`). Defaults to the repository's default branch.
+</ParamField>
+
 <ParamField path="--non-interactive, -n" type="boolean">
  Run in headless mode without TUI. Ideal for CI/CD.
 </ParamField>
@@ -50,6 +58,9 @@ strix --target api.example.com --instruction "Focus on IDOR and auth bypass"
 # CI/CD mode
 strix -n --target ./ --scan-mode quick

+# Force diff-scope against a specific base ref
+strix -n --target ./ --scan-mode quick --scope-mode diff --diff-base origin/main
+
 # Multi-target white-box testing
 strix -t https://github.com/org/app -t https://staging.example.com
 ```
--- a/docs/usage/scan-modes.mdx
+++ b/docs/usage/scan-modes.mdx
@@ -31,6 +31,8 @@ Balanced testing for routine security reviews. Best for:

 **Duration**: 30 minutes to 1 hour

+**White-box behavior**: Uses source-aware mapping and static triage to prioritize dynamic exploit validation paths.
+
 ## Deep

 ```bash
@@ -44,6 +46,8 @@ Thorough penetration testing. Best for:

 **Duration**: 1-4 hours depending on target complexity

+**White-box behavior**: Runs broad source-aware triage (`semgrep`, AST structural search, secrets, supply-chain checks) and then systematically validates top candidates dynamically.
+
 <Note>
 Deep mode is the default. It explores edge cases, chained vulnerabilities, and complex attack paths.
 </Note>