Getting Started
Quick Start
Get Ribix running against your staging environment in under five minutes. Ribix acts like a real user - clicking, submitting forms, calling APIs - and files a detailed bug report with a failing test and a proposed fix for everything it finds.
Prerequisites
- A GitHub repository - Ribix connects your codebase to write tests and open PRs.
- A staging environment URL (e.g.
https://staging.example.com) - must be HTTPS and reachable from Ribix infrastructure. - Node.js 18+ for the CLI.
Install & connect
Install the Ribix CLI
Authenticate
Opens a browser window for GitHub OAuth. Your workspace token is stored locally.
Connect your staging environment
Ribix will prompt for an auth type (bearer token, session cookie, or none). You can update this later with ribix connect --auth bearer.
Run Ribix
The --watch flag streams findings to your terminal as they are discovered. Omit it for a single run that exits when complete.
What you should see:
If Ribix finds nothing, it exits cleanly with a 0 findings summary. That is a good result - it means the scanned flows are currently clean.
What happens next
Once ribix run starts, Ribix moves through a five-stage loop:
Ribix authenticates against your staging URL and builds a sitemap of pages and API endpoints to explore.
The browser agent navigates flows - checkout, forms, API calls - behaving like a real user. API and code quality agents run in parallel.
Each anomaly is classified by severity (P0–P3), described in plain English, and linked to the exact code path.
For each finding, Ribix writes a failing test, generates a fix diff, and runs your full test suite. You review and approve.
One click opens a GitHub PR with the test + fix. Ribix never opens a PR without explicit approval from you.
Your first finding
When Ribix discovers a bug it creates a finding. Here is what a typical finding looks like - a severity badge, plain-English description, proposed diff, and an approve/reject decision:
You can also review and approve findings from the CLI:
Ribix never creates a PR without your approval.
Every fix goes through the approve/reject gate. You always review the diff and test results first.
Next steps
- How It Works - deep dive into the agent architecture, modes, and frameworks.
- CLI Reference - full command listing with flags and examples.
- Integrations - GitHub App setup, staging requirements, test framework detection.