Install the CLI
Everything on this site can be done from the dashboard too. The CLI is faster, it can wire your local coding agents for you, and it is the only way to manage policy as code.
Install
Full instructions for every platform live in the CLI’s own docs: docs.cli.vulnetix.com/docs/getting-started. The short version:
Homebrew
brew install vulnetix/tap/vulnetix
Scoop
scoop bucket add vulnetix https://github.com/Vulnetix/scoop-bucket
scoop install vulnetix
Nix
nix profile install github:Vulnetix/cli
Go
go install github.com/Vulnetix/cli@latest
Check it worked:
vulnetix version
Log in
vulnetix auth login
This opens a browser and stores a credential under ~/.vulnetix/. It authenticates
you, the operator, so you can read and change your organisation’s firewall
policy.
Note
This is not the credential your applications send at inference time. That is the
VULNETIX_API_KEY. See your two keys — the distinction matters and it
is the most common thing people get wrong.Confirm:
vulnetix auth status
The commands you will use
| Command | What it does |
|---|---|
ai-firewall status | Show policy, keys, wired clients, and any problems |
ai-firewall key set|remove | Manage the provider-key vault |
ai-firewall install|uninstall | Wire local clients to the gateway |
ai-firewall policy provider|model|guardrail | Change policy |
ai-firewall settings | Turn inference logging on or off |
ai-firewall apply|export | Policy as code |
ai-firewall snippet | Generate working client code |
ai-firewall baseline | Adopt the recommended guardrail set |
The full flag reference for each is in the CLI documentation. This site shows them in the context of the feature they configure.
Shell completion
Worth doing — several flags (--rule-type, --action, --lang, --sdk,
--scope) have completions, and the client names on install do too.
vulnetix completion fish > ~/.config/fish/completions/vulnetix.fish
# or: bash | zsh | powershell