Skip to main content

Welcome to Vectra Guard

Vectra Guard adds a safety layer to your development environment. AI agents and automation run with your full shell access—one mistaken command can wipe a repo, delete system files, or push risky changes. Vectra Guard checks every command, isolates risky execution in a sandbox, and keeps a clear audit trail.

Why Vectra Guard?

AI agents and automation run with your full shell access. One mistaken command can wipe a repo, delete system files, or push risky changes. Vectra Guard adds a safety layer that checks every command, isolates risky execution in a sandbox, and keeps a clear audit trail.

Safety by default

Risky commands are analyzed before they run. Dangerous operations blocked automatically.

CVE scanning

Local cache and manifest scanning for known vulnerable dependencies.

Non-invasive install

User-space by default with a one-line install and easy uninstall.

Sandbox + cache

Isolate unknown code and reuse cached dependencies for 10x faster installs.

Auditability

Review what ran, what was blocked, and why with complete session logs.

Agent confidence

Clear guardrails for agentic workflows without disrupting normal shells.

What it protects against

Vectra Guard automatically detects and blocks 200+ risky patterns across 30+ system directories:
  • Root or system deletionrm -rf /, rm -rf /etc
  • Dangerous operationsmkfs, dd if=
  • Risky git actions — force push, history rewrites
  • Networked installscurl | sh, wget | bash
  • Known vulnerable dependencies — via CVE scanning
  • Exposed secrets and risky code patternsvg scan-secrets, vg scan-security
  • External HTTP(S) endpoints — when using vg/vectra-guard (localhost only by default)
  • Sudo usage — when using vg/vectra-guard (override with VECTRAGUARD_ALLOW_SUDO=1)
Vectra Guard protects 30+ system directories across macOS, Linux, and Windows, and detects 200+ risky patterns automatically.

Platform support

Vectra Guard works on all major platforms:
  • macOS — x86_64, arm64 (Apple Silicon)
  • Linux — x86_64, arm64
  • Windows — x86_64, arm64

Get started

Quickstart

Get to your first successful command execution in under 5 minutes

Installation

Install Vectra Guard on macOS, Linux, or Windows

Key features

Execution protection

Sandbox risky commands and block dangerous ones. Optional interactive approval for medium-risk actions. 
vectra-guard exec -- npm install

Script validation

Analyze scripts for security risks without executing — safe pre-check before you run anything. 
vectra-guard validate scripts/deploy.sh

Session and audit

Traceability: what ran, what was blocked, session IDs and audit logs. 
SESSION=$(vectra-guard session start --agent "manual")
export VECTRAGUARD_SESSION_ID=$SESSION
vectra-guard exec -- npm install
vectra-guard audit session

CVE scanning

Flag vulnerable dependencies before install. Sync a local CVE cache and scan manifests/lockfiles. 
vectra-guard cve sync --path .
vectra-guard cve scan --path .

Secret and code scanning

Predetect before deploy: find exposed secrets and risky code patterns. 
vectra-guard scan-secrets --path .
vectra-guard scan-security --path . --languages go,python,c,config

Next steps

Quickstart

Run your first protected command

Installation

Detailed installation guide

Configuration

Configure policies and settings

Build docs developers (and LLMs) love

Get started for freeTalk to us