ai-firewall

Wire local AI clients to the Vulnetix AI Firewall gateway, and manage the policy it enforces.

vulnetix ai-firewall
├── install     [client...]   wire the AI clients on this machine
├── uninstall   [client...]   remove the wiring
├── status                    what is wired, and where it conflicts with policy
├── policy      provider | model | guardrail
├── key         set | remove
├── settings                  org-wide toggles
├── get                       show the current policy
├── apply                     reconcile policy from a file
├── export                    write the live policy to a file
├── baseline                  the server's recommended guardrails
└── snippet                   ready-to-run code wired to the gateway

Full documentation: AI Firewall.

Common flags

Available on every subcommand that talks to the API:

FlagDefaultMeaning
--base-urlthe VDB APIVulnetix API base URL
--gateway-urlhttps://guardrails.vulnetix.comAI Firewall gateway
-o, --outputprettypretty or json

install

vulnetix ai-firewall install [client...]

Clients: shell, env, claude-code, codex, continue, aider, cursor, windsurf. With no arguments, every client detected on this machine is wired. Only providers with a stored key are wired.

FlagMeaning
--provider <slug>Wire only these providers (repeatable)
--model <slug>Pin a default model in agent configs
--scope user|projectWhere to write
--embed-keyWrite the literal key rather than $VULNETIX_API_KEY
--create-envCreate a project .env if none exists
--dry-runPrint the plan; write nothing

uninstall

vulnetix ai-firewall uninstall [client...] [--all] [--except a,b]

Local files only; no authentication needed. Exactly one selector is required.

FlagMeaning
--allEvery client
--except a,bEvery client except these
--dry-runPrint the plan; write nothing

status

vulnetix ai-firewall status [--strict]

--strict exits non-zero on any error-level check. Exits 0 with findings otherwise, so it is safe in a shell prompt.

policy

vulnetix ai-firewall policy provider <slug>  --allow | --deny | --clear
vulnetix ai-firewall policy model <slug>     --allow | --deny | --remove
                                             (--provider <slug> | --any-provider)
vulnetix ai-firewall policy guardrail <name> --rule-type --action --pattern
                                             [--priority] [--enable|--disable]
                                             [--uuid] [--delete]

--rule-type: blocked_pattern, max_messages, pii_redact. --action: block, redact, flag. Patterns are Go RE2 — no lookahead or lookbehind.

Also spelled vulnetix config set ai-firewall <sub>; both run the same code.

key

vulnetix ai-firewall key set <provider> --from-env VAR | --stdin | --key <literal>
vulnetix ai-firewall key remove <provider>

The key is write-only: no command returns it. --key warns, because it lands in your shell history.

settings

vulnetix ai-firewall settings --logs | --no-logs

Inference logging records metadata only — model, decision, matched guardrails, tokens, latency. Never prompts or completions. Paid plans.

get / export

vulnetix ai-firewall get [-o json]
vulnetix ai-firewall export [-f FILE] [--stdout] [--force]

apply

vulnetix ai-firewall apply [-f .vulnetix/ai-firewall.yaml] [--dry-run]
FlagMeaning
-f, --filePolicy file (default .vulnetix/ai-firewall.yaml)
--dry-runPrint the plan; change nothing
--pruneDelete server objects the file does not mention
--no-baselineDo not compose in the recommended guardrails
--baseline-requiredFail if the baseline cannot be fetched (CI)
--catalogLocal baseline file instead of the server’s
--forceApply despite a metadata.org mismatch

baseline

vulnetix ai-firewall baseline [--ref recommended] [--catalog FILE]

snippet

vulnetix ai-firewall snippet --lang python --sdk openai
FlagValues
--langpython, ts, go, sh
--sdkopenai, anthropic, vercel-ai, langchain, llamaindex, curl
--providerProvider slug (default: the first with a stored key)
--modelModel (default: one the org allows)
--output-fileWrite to a file instead of stdout
--forceOverwrite the output file

Exit codes

CodeMeaning
0Success
1Failure — auth, network, invalid flags or policy file, status --strict with an error-level check