Troubleshooting
“Invalid API key” / 401
By far the most common problem, and it is almost always the same cause.
You pasted a provider key where the Vulnetix key goes.
Your client’s api_key must be your Vulnetix API key, not sk-proj-…,
not sk-ant-…. The provider key lives in the vault; the gateway injects it. If your
client is carrying a provider key, it is carrying the wrong credential.
Work through it in order:
- Is it a provider key? Look at what your client is actually sending. If it
starts with
sk-, that is the bug. See your two keys. - Is the variable set in the right shell? An export in your terminal does not
reach a GUI application, an IDE, or a launchd/systemd service. This is why
vulnetix ai-firewall install shellwrites to your shell rc rather than relying on the current session. - Is the org UUID right?
unknown organisationmeans the UUID in the base URL is wrong, malformed, or the organisation is inactive. - Did you rotate the key recently? Key changes propagate within about a minute.
“No provider key configured” / 403 provider_key_missing
You authenticated fine. There is simply no key in the vault for that provider.
vulnetix ai-firewall key set openai --from-env OPENAI_API_KEY
Note this is per-provider. A key for openai does nothing for anthropic.
404 unsupported_api
Your base URL is wrong, and it is nearly always the /v1.
| Client | Base URL |
|---|---|
| OpenAI SDKs, Codex, curl | …/{provider}/{orgUuid}/v1 |
| Anthropic SDKs, Claude Code | …/anthropic/{orgUuid} — no /v1 |
The error message names the route to use instead. Also check the provider actually
serves the surface you want — only openai serves responses, only anthropic
serves messages. See base URLs.
“Model not allowed” / 403 model_not_allowed
You are in allowlist mode and did not realise. The first allow entry you add for
a provider flips it: from that moment, only explicitly allowed models pass.
vulnetix ai-firewall get # see your model entries
See the flip.
My guardrail is not firing
In order of likelihood:
The pattern does not compile. An uncompilable regex is silently skipped — the rule shows as enabled and enforces nothing. This is the big one.
vulnetix ai-firewall status # reports guardrail_pattern_invalidYou used a lookahead or a backreference. RE2 supports neither. See the regex reference.
The rule is disabled.
vulnetix ai-firewall get.An earlier rule blocked first. A block short-circuits, so nothing after it runs. Check your
priorityvalues.The traffic is not going through the firewall at all. See below.
My guardrail is firing constantly
See tuning false positives. Usually the
pattern is matching on length rather than structure — [0-9]{9} matches half the
internet; \bEMP-[0-9]{6}\b does not.
Prompt-injection rules fire a lot by nature, because people legitimately discuss
prompt injection. Consider running those at flag permanently.
The model gives strange answers about “[REDACTED]”
Your redaction rule is working. Redaction is silent — the request succeeds and the client is never told.
Either the rule is too broad (narrow the pattern), or the model genuinely needs that data and redaction is the wrong tool (block instead, or exempt the path by narrowing the rule).
Tell your developers you redact. A silent rewrite they do not know about looks like a broken model.
Traffic is not reaching the firewall at all
vulnetix ai-firewall status
Look for bypasses_firewall, and for a client showing points elsewhere.
Then prove it end to end — add a canary rule and confirm you get a 403 rather than an
answer. Verify walks through it.
Claude Code will not connect
ANTHROPIC_API_KEYmust be explicitly empty, not merely unset. A cached Anthropic credential otherwise takes precedence and you will talk to Anthropic directly.- Log out of any previous Anthropic session —
/logoutinside Claude Code. - Check the base URL has no
/v1. /statusinside Claude Code shows the base URL it is actually using. That is the ground truth.
See Claude Code.
Claude Desktop’s model picker is empty
The picker is populated from GET /v1/models. An empty list usually means you are in
allowlist mode and have not allowed any Anthropic
models, or you denied them all.
curl https://guardrails.vulnetix.com/anthropic/$ORG/v1/models \
-H "x-api-key: $VULNETIX_API_KEY"
If that returns models and the picker is still empty, the app has cached the failure — fully quit and reopen.
503
The firewall is refusing to guess. Depending on the message: it could not verify your key, could not load your guardrails, or could not reach its database.
It does not forward requests it could not screen. That is the correct behaviour for a firewall, and it is why authentication and policy are always fail-closed. See the error reference.
413 request_too_large
The request body exceeds 8 MiB. Coding agents reading large files hit this. It is a transport limit, not a policy, and it is not configurable.
Requests are slow
The firewall adds a policy check and a regex pass. That is microseconds — it is not your latency.
Check: the provider itself, whether you are streaming (you should be, for long outputs), and — if you use Claude Code — whether a redaction rule is firing inside a cached prefix and destroying your prompt cache, which makes every turn pay full price. Keep redaction rules narrow on agent traffic.
Still stuck
vulnetix ai-firewall status -o json
That is the complete picture of your policy, your keys, and your local wiring, and it is the first thing to include in a support request.