Status & checks

vulnetix ai-firewall status

Reports the organisation’s policy, which local clients are wired to the gateway, and every way the two disagree.

Vulnetix AI Firewall

  Gateway              https://guardrails.vulnetix.com
  Organization         6f2a1c3e-0000-0000-0000-000000000001
  Credential source    keyring
  Inference logging    off

Providers
  Slug       Org policy       Key      Wiring
  openai     default (allow)  stored   OPENAI_BASE_URL, OPENAI_API_BASE
  anthropic  deny             stored   ANTHROPIC_BASE_URL
  mistral    default (allow)  missing  snippet only (no SDK base-URL env var)

Guardrails
  Priority  Name                  Rule             Action  Enabled
        10  No connection strings blocked_pattern  block   true
        20  PII redaction         pii_redact       redact  true

Local clients
  Client         Scope    State            Path
  Shell          user     wired            /home/you/.zshrc
  Codex          user     wired            /home/you/.codex/config.toml
  Claude Code    project  points elsewhere /home/you/repo/.claude/settings.json
  Cursor         user     manual

Checks
  [warning] base URL is https://api.anthropic.com, not the gateway — requests from Claude Code are not screened by the AI Firewall

Client states

StateMeaning
wiredThe client’s base URL points at this organisation’s gateway.
points elsewhereThe client has a base URL, and it is not ours. Its traffic goes straight to the provider.
not wiredNo base URL configured. The client is present but unconfigured.
manualThe client keeps its base URL in application state — there is no file to read. Cursor and Windsurf.
not installedNot on this machine. Not reported.

points elsewhere is why this command exists. Every other misconfiguration surfaces eventually as an error someone has to debug. A client quietly calling api.openai.com never errors at all — it simply is not protected, and nothing tells you.

The checks

CheckSeverityWhat happens at runtimeFix
bypasses_firewallwarningNothing — and that is the problem. The request is unscreened.vulnetix ai-firewall install <client>
provider_deniederrorEvery request returns 403Allow the provider, or unwire the client
provider_key_missingerrorEvery request returns 403vulnetix ai-firewall key set <provider>
model_deniederrorEvery request returns 403Change the pinned model, or the policy
model_not_allowederrorEvery request returns 403The provider is in allowlist mode and this model is not on the list
key_env_unsetwarningRequests fail to authenticateexport VULNETIX_API_KEY=...
guardrail_pattern_invalidwarningThe rule is silently skipped — it is not enforcedFix the pattern; RE2 has no lookaround
wire_unsupportedwarningThe client cannot talk to the gateway at allSee wire formats

The error-level checks are all the same shape: a 403 you would otherwise meet at request time with no idea which of five policy stages produced it. The CLI already knows the policy and already knows what each client has pinned, so it can tell you before you ship.

Where pinned models are read from

ClientSource
Claude CodeANTHROPIC_MODEL in .claude/settings.json
Codexmodel in ~/.codex/config.toml
aidermodel: in .aider.conf.yml
Continuemodels[].model in ~/.continue/config.yaml

On environment variables

The shell client is checked against the process environment, not against what is written in your rc file. The rc file is what the CLI wrote; the environment is what an SDK will actually see — and that is the thing that decides whether traffic is proxied. A block written into .zshrc that was never sourced correctly shows as not wired.

Only variable names, and whether they are set, are read or printed. Values never are.

Exit codes

CodeMeaning
0The command ran. Findings may still have been reported.
1The command failed — or --strict was passed and an error-level check fired.

Exit 0 with findings is deliberate: it makes status safe to call from a shell prompt or a status line. Use --strict in CI, where a silent misalignment is the thing you are trying to catch:

vulnetix ai-firewall status --strict

JSON

vulnetix ai-firewall status -o json
{
  "gateway": { "baseUrl": "https://guardrails.vulnetix.com", "org": "6f2a...", "logsEnabled": false },
  "providers": [ { "slug": "openai", "orgAction": "", "hasKey": true } ],
  "guardrails": [ { "name": "PII redaction", "ruleType": "pii_redact" } ],
  "clients": [
    { "id": "codex", "name": "Codex", "scope": "user", "state": "wired",
      "path": "/home/you/.codex/config.toml", "baseUrl": "https://guardrails.vulnetix.com/openai/6f2a.../v1", "model": "gpt-5" }
  ],
  "checks": [
    { "id": "model_not_allowed", "severity": "error", "client": "codex",
      "message": "Codex has \"gpt-5\" pinned, but openai is in allowlist mode and this model is not on the list — every request returns 403 model_not_allowed" }
  ],
  "summary": { "errors": 1, "warnings": 0 }
}