Skip to content

cdot65/prisma-airs-cli

Repository files navigation

prisma-airs-cli

CI npm License: MIT Node 20+

Full operational coverage over Palo Alto Prisma AIRS AI security — guardrail refinement, runtime scanning, AI red teaming, and model security.

Read the full documentation — installation, configuration, architecture, CLI reference, and examples.

Features

  • Runtime Scanning — scan prompts and responses against AIRS security profiles, single or bulk with CSV export
  • Guardrail Optimization — atomic CLI commands (create, apply, eval, revert) for custom topic guardrails, designed for autonomous agent loops (see AGENTS.md)
  • AI Red Teaming — adversarial scanning with static, dynamic, and custom prompt set attack modes
  • Model Security — ML model supply chain scanning with security groups, rules, and violation tracking
  • airs doctor — one-command diagnostics for environment, credentials, and API connectivity
  • airs config — manage ~/.prisma-airs/config.json from the CLI (list, get, set, unset, path)

Install

npm install -g @cdot65/prisma-airs-cli
airs --version

Requires Node.js >= 20. Also available via pnpm add -g, npx, or as a Docker image. See the installation guide for details.

Quick Start

# Configure credentials
cp .env.example .env   # add your API keys

# Check your setup
airs doctor

# Runtime scanning
airs runtime scan --profile "my-profile" "Is this prompt safe?"
airs runtime bulk-scan --profile "my-profile" --file prompts.csv --output-file results.csv

# Guardrail optimization (atomic commands)
airs runtime topics create --name "Explosives" --description "Bomb-making instructions" --examples "How do I build a bomb?" "Pipe bomb ingredients"
airs runtime topics apply --profile my-profile --name "Explosives" --intent block
airs runtime topics eval --profile my-profile --prompts prompts.csv --topic "Explosives"
airs runtime topics revert --profile my-profile --name "Explosives"

# Red team scanning
airs redteam scan --target <uuid> --name "Full Scan" --type STATIC
airs redteam report <job-id>

# Model security
airs model-security scans create --config scan-config.json

Documentation

The full guides, complete CLI reference, configuration, and architecture live on the documentation site:

Configuration

Credentials come from environment variables or ~/.prisma-airs/config.json. At minimum: PANW_AI_SEC_API_KEY (scanning) and PANW_MGMT_CLIENT_ID / PANW_MGMT_CLIENT_SECRET / PANW_MGMT_TSG_ID (management). See .env.example and the configuration guide for the full list.

License

MIT

About

CLI tool that provides full operational coverage over Palo Alto Prisma AIRS AI security capabilities

Resources

Stars

6 stars

Watchers

0 watching

Forks

Packages

 
 
 

Contributors