Complete Feature Set
Everything you need to secure your development workflow, from command validation to CVE scanning
Command Risk Guard
Automatically blocks dangerous operations before they execute
Vectra Guard analyzes every command for potential risks using 200+ patterns. It prevents root deletion, privilege escalation, and other destructive operations.
# Dangerous command blocked automatically
vg exec -- rm -rf /
❌ CRITICAL: Command blocked for safety
• Pattern: DANGEROUS_DELETE_ROOT
• Risk Level: CRITICAL
• Blocked to protect your systemSmart Sandboxing
Isolate risky commands with intelligent caching for 10x speedup
Run untrusted code in secure Docker containers with mounted dependency caches. First run builds cache, subsequent runs are blazing fast.
# Always-on sandbox with caching (default)
sandbox:
enabled: true
mode: always
enable_cache: true
# Result: 10x faster installs!
vg exec -- npm install
# First run: 12.3s
# Cached runs: 1.2s ⚡CVE Scanning
Detect vulnerable dependencies before installation
Local CVE database powered by OSV. Scan package manifests and lockfiles for known vulnerabilities across npm, pip, go, cargo, and more.
# Sync CVE database
vg cve sync --path .
# Scan dependencies
vg cve scan --path .
⚠️ lodash@4.17.20 (npm)
├─ CVE-2020-28500 (Moderate)
│ Regular Expression Denial of Service
└─ Fix: Upgrade to lodash@4.17.21Session Auditing
Complete audit trail of all agent and developer activities
Track every command, file operation, and risk decision. Perfect for compliance, debugging, and understanding AI agent behavior.
# Start tracked session
SESSION=$(vg session start --agent "cursor-ai")
export VECTRAGUARD_SESSION_ID=$SESSION
# All commands auto-tracked
npm install
git commit -m "feat"
# View session
vg session show $SESSION10x Faster Installs
Cache-mounted dependencies eliminate repeated downloads
Mount host package caches into sandbox containers. npm, pip, cargo, go, and more automatically reuse cached packages for massive speedup.
# Automatic cache mounting
~/.npm → container /.npm
~/.cargo → container /.cargo
~/.cache/pip → container /.cache/pip
Result:
• First install: 12.3s
• Cached install: 1.2s
• 10x faster! ⚡Explainable Risk
Understand why commands are flagged as risky
Human-friendly explanations for every security decision. Learn security best practices as you work.
# Explain specific risks
vg explain risky-script.sh
⚠️ RISK: Detected 'curl | sh'
• Pattern: PIPE_TO_SHELL
• Risk: Remote code execution
• Recommendation: Download first, review, then executeTrust Store
Approve commands once, run them instantly forever
Build a library of trusted commands that skip sandbox. Perfect for common operations you run daily.
# Trust a command
vg trust add "npm test" --note "Safe test"
# Runs instantly on host (no sandbox)
vg exec -- npm test
✅ 42 tests passed (0.8s)
# Manage trust store
vg trust list
vg trust remove "old-command"Real-Time Protection
Analyze commands as they execute
Zero-overhead analysis for most commands. Intelligent routing between host and sandbox based on risk.
# Auto mode: smart routing
sandbox:
mode: auto
# Safe commands → host (instant)
vg exec -- echo "hello"
# Risky commands → sandbox
vg exec -- curl remote.com | shAgent-Friendly
Seamless integration with AI coding tools
One command seeds instructions for Cursor, Copilot, and other AI assistants. They learn to use Vectra Guard automatically.
# Seed agent instructions
vg seed agents --target . --targets "agents,cursor"
✅ Created .cursorrules
✅ Created .agents/AGENTS.md
Agents now know:
• When to scan for CVEs
• How to validate risks
• When to use sandboxSecurity Without Compromise
Everything you need to protect your development workflow — from AI agents to production deployments.
Command Risk Guard
Blocks dangerous operations automatically before they hit your system.
Smart Sandboxing
Isolates risky actions in secure environments with intelligent caching.
CVE Scanning
Flags packages with known vulnerabilities before installation.
Session Auditing
Track what ran, who ran it, and why — perfect for compliance.
10x Faster Installs
Cache-mounted dependencies make sandboxed installs blazing fast.
Explainable Risk
Human-friendly explanations for why something is risky.
Trust Store
Trust common commands once to skip sandbox on repeated runs.
Real-Time Protection
Analyze and protect commands as they're executed.
Agent-Friendly
Works seamlessly with Cursor, VS Code, Copilot workflows.
Ready to get started?
Install Vectra Guard in 30 seconds and secure your entire workflow