strix icon indicating copy to clipboard operation
strix copied to clipboard
Published 4 months ago verified publisher icon usestrix

[FEATURE] Add suppor for Claude Code

Open szybnev opened this issue 5 months ago • 3 comments

Is your feature request related to a problem? Please describe.

Currently, Strix requires LLM API keys (OpenAI, Anthropic API, etc.) which adds operational overhead - managing API keys, tracking usage/costs, and dealing with rate limits. I'm always frustrated when I need to expose API keys in CI/CD environments or when running security assessments on air-gapped systems. Additionally, for developers already using Claude Code for agentic development, it would be more convenient to use a single tool instead of managing separate API integrations.

Describe the solution you'd like

Add support for Claude Code as an LLM provider option. Claude Code is Anthropic's command-line tool for agentic coding that provides a more integrated developer experience without requiring direct API key management.

Configuration example:

# Instead of
export STRIX_LLM="anthropic/claude-sonnet-4-20250514"
export LLM_API_KEY="sk-ant-..."

# Use
export STRIX_LLM="claude-code/claude-sonnet-4.5"
strix --target ./app-directory

This would allow Strix to leverage Claude Code's existing authentication and session management, providing:

  • No need to expose API keys in environment variables
  • Better integration with existing Claude Code workflows
  • Simplified setup for developers already using Claude Code
  • Potential for better token usage optimization through Claude Code's session management

Describe alternatives you've considered

  1. Local LLM via LMStudio/Ollama - Works but requires significant local resources and doesn't match the quality of Claude models
  2. API proxy service - Building a middleware service to abstract API key management, but this adds unnecessary complexity
  3. Environment-specific key rotation - Using secrets management tools (Vault, AWS Secrets Manager), but still requires API key exposure at runtime
  4. Wrapper scripts - Creating shell scripts that inject API keys, but this is a workaround rather than a proper solution

Additional context

Claude Code is particularly well-suited for security testing workflows as it provides:

  • Better handling of long-running agentic tasks
  • Improved code analysis capabilities

This would make Strix more accessible to security teams and developers who prefer CLI-first workflows and already use Claude Code for development tasks.

Reference: https://docs.claude.com/en/docs/intro

szybnev avatar Nov 08 '25 21:11 szybnev

Would love to take this one if available

staru09 avatar Nov 09 '25 12:11 staru09

Really nice idea

Adem035 avatar Nov 15 '25 21:11 Adem035

Very important: Anthropic seriously protect him self from usage for hacking. In my real case, my colleguage has banned because he code on offensive tool. Yes, he actually not obfuscate name of tool, that's why he was banned by auto anti-fraud.

I research one interesting case about usage OpenAI Codex for autonomously solve CTF tasks. I think OpenAI Codex has less censorship for our tasks.

szybnev avatar Nov 16 '25 11:11 szybnev