AI analysis grounded in the code graph — computed facts, not vibes · 2026-07-06T05:40:57Z
Strix is a Python-based tool that runs autonomous AI agents against an application's codebase or running instance to find security vulnerabilities and validate them with proof-of-concepts. It's built for developers and security teams, ships as a CLI (strix --target ./app-directory), runs the target inside a sandboxed Docker container, and produces reports (including SARIF for CI integration) rather than static-analysis-style flagged lines. Core building blocks visible in the graph include agent orchestration (strix/core/agents.py), a proxy/traffic-inspection layer (strix/tools/proxy/), a todo/task system for agents (strix/tools/todo/tools.py), and a terminal UI (strix/interface/tui/).
The repository shows active, substantive engineering — five releases from v1.0.0 to v1.0.4 in under two weeks (2026-05-26 to 2026-06-09) — alongside a steady stream of bug fixes and features (SARIF emitter, new "security skills" for OAuth/AWS/deserialization, CI/CD integration announced in the README). This period, however, shows 0 star growth despite that activity, so the commit/release cadence alone doesn't explain any recent popularity spike; whatever drove the 37,366-star count evidently happened earlier (e.g. Trendshift listing, initial launch) rather than in this window.
What changed recently, how it's actually built (from the code graph), and whether you should care. Free account — no card, no spam.