Getting Started

Install and configure Vectra Guard in 30 seconds

Installation

Vectra Guard supports macOS, Linux, and Windows. The installer auto-detects your OS and architecture.

Install — macOS & Linux
# macOS & Linux
curl -fsSL https://raw.githubusercontent.com/xadnavyaai/vectra-guard/main/install.sh | bash

# Verify installation
vg version
Install — Windows
# Windows (PowerShell, no admin required)
irm https://raw.githubusercontent.com/xadnavyaai/vectra-guard/main/scripts/install-windows.ps1 | iex

# Verify installation
vectra-guard version

macOS/Linux: Requires curl. Installs to ~/.local/bin. Windows: Installs to %LOCALAPPDATA%\VectraGuard (user-space, no admin). SHA256 checksum verified on all platforms.

Initialize Configuration

Create a configuration file and sync the CVE database:

Initialize Configuration
# Initialize global config (default — ~/.config/vectra-guard/config.yaml)
vg init

# Or repo-scoped config (.vectra-guard/config.yaml)
vg init --local

# Sync CVE database
vg cve sync --path .

Global config lives at ~/.config/vectra-guard/config.yaml. Repo-scoped config lives at .vectra-guard/config.yaml. Config loading order: global → project → local (later files override).

Seed Agent Instructions

Configure AI coding assistants (Cursor, Copilot, etc.) to use Vectra Guard:

Configure AI Agents
# Seed instructions for AI agents
vg seed agents --target . --targets "agents,cursor"

# This creates:
# - .cursor/rules/vectra-guard.md (Cursor AI rules)
# - AGENTS.md (Generic agent instructions)

Run Your First Commands

Basic Usage
# Start a tracked session
SESSION=$(vg session start --agent "manual")
export VECTRAGUARD_SESSION_ID=$SESSION

# Scan for CVEs
vg cve scan --path .

# Execute commands safely
vg exec -- npm install

# Validate a script
vg validate scripts/deploy.sh

# Launch the security dashboard
vg serve   # http://127.0.0.1:8000

# View session activity
vg session show $SESSION

How Protection Works

Default: Always Sandbox (Maximum Security)

All commands run in isolated sandbox by default with intelligent caching for 10x speedup.

Code
sandbox:
  enabled: true
  mode: always  # Default
  enable_cache: true  # 10x faster!

Auto Mode (Balanced)

Low-risk commands run on host, medium/high-risk in sandbox automatically.

Code
sandbox:
  mode: auto  # Smart routing

Trust Store

Approve commands once, run them instantly forever.

Code
# Trust a common command
vg trust add "npm test" --note "Safe"

# Runs on host (instant)
vg exec -- npm test

Next Steps

Configuration Guide →

Learn about presets, security levels, and customization

CVE Scanning →

Protect against vulnerable dependencies

Sandbox Deep Dive →

Understand sandboxing modes and performance

AI Agent Integration →

Configure Cursor, Copilot, and more