What are Guard Levels? Guard levels control what requires approval or is automatically blocked. They determine how strict Vectra Guard is when evaluating commands.
Guard levels answer: “Should I ask the user about this command?” Sandbox mode answers: “Where should this command run?”
Guard Level Options auto (Recommended)
low
medium
high
paranoid
off
Smart Auto-Detection guard_level : level : auto # Intelligently adjust based on context
Behavior:
Analyzes git branches, commands, URLs, file paths
Development branch → low or medium
Production branch → paranoid
Deploy commands → high
Production URLs/databases → high
Best for:
Teams working across dev/staging/prod
Repos with multiple environments
Maximum convenience + safety
This is the recommended setting. Let Vectra Guard be smart!
Minimal Protection guard_level : level : low # Only block critical risks
Behavior:
Only CRITICAL severity risks blocked
High/Medium/Low risks allowed automatically
Minimal interruptions
Best for:
Trusted local development
Personal projects
Rapid prototyping
Example: vg exec "npm install" # Allowed vg exec "curl | sh" # Allowed (warning shown) vg exec "rm -rf /" # BLOCKED
Balanced Protection guard_level : level : medium # Block critical + high risks
Behavior:
CRITICAL and HIGH risks blockedMedium/Low risks allowed
Good balance of safety and convenience
Best for:
Team development
Shared codebases
General purpose protection
Example: vg exec "npm install" # Allowed vg exec "curl | sh" # BLOCKED (high risk) vg exec "rm -rf /" # BLOCKED (critical)
Strong Protection guard_level : level : high # Block critical + high + medium
Behavior:
CRITICAL, HIGH, and MEDIUM risks blockedOnly low-risk operations allowed
Requires approval for most operations
Best for:
CI/CD pipelines
Staging environments
Careful operations
Example: vg exec "ls" # Allowed (low risk) vg exec "npm install pkg" # BLOCKED (medium risk) vg exec "git push --force" # BLOCKED (high risk)
Maximum Protection guard_level : level : paranoid # Everything requires approval
Behavior:
Every command requires explicit approvalNo automatic execution
Complete audit trail
Best for:
Production environments
Untrusted code
Compliance requirements
Zero-trust environments
Example: vg exec "ls" # Requires approval vg exec "echo hello" # Requires approval vg exec "npm install" # Requires approval
No Protection guard_level : level : off # Disable guard (not recommended)
This disables all protection. Only use for testing!
Auto-Detection Deep Dive When level: auto, Vectra Guard analyzes multiple signals to determine the appropriate protection level:
1. Git Branch Detection production_indicators : branches : - main - master - production - release - live
2. Command Content Analysis Vectra Guard scans commands for production indicators:
# Commands with "prod" or "production" vg exec "kubectl apply -f prod-config.yaml" # → high level vg exec "deploy-to-production.sh" # → high level # Deploy commands vg exec "npm run deploy" # → high level vg exec "./deploy.sh" # → high level
3. URL and Hostname Detection # Production URLs vg exec "curl https://api.production.company.com/deploy" # → high vg exec "wget https://prod.example.com/data" # → high # Development URLs vg exec "curl http://localhost:3000" # → low vg exec "curl https://dev.api.company.com" # → low
4. Database Name Detection # Production databases vg exec "psql prod_database -c 'SELECT * FROM users'" # → high vg exec "mysql -h prod-db.company.com" # → high # Development databases vg exec "psql dev_database" # → low vg exec "sqlite3 local.db" # → low
5. File Path Detection # Production paths vg exec "cp config.json /var/www/production/" # → high vg exec "rm /opt/prod/cache/*" # → high # Development paths vg exec "cp file.txt /tmp/" # → low vg exec "mkdir ~/dev/new-project" # → low
6. Environment Variable Detection # Production environment ENV = production vg exec "node app.js" # → high NODE_ENV = production vg exec "npm start" # → high # Development environment ENV = development vg exec "node app.js" # → low
Production Indicators Teach Vectra Guard your organization’s patterns:
production_indicators : # Git branches that indicate production branches : - main - master - production - release - live - stable # Keywords in URLs, hostnames, database names, paths keywords : - prod - production - prd - live - staging - stg - uat - preprod # Add your org's patterns: - company-prod - api-live
Customize these patterns to match your infrastructure naming conventions.
Detection Priority When multiple signals conflict, the most dangerous context wins (safety first!):
# Example: On dev branch, but command has "prod" keyword git checkout dev/feature vg exec "deploy-to-prod.sh" # → Uses HIGH level (production detected in command) # Example: On main branch, safe command git checkout main vg exec "git log" # → Uses PARANOID level (production branch)
Priority Order:
Production branch → paranoid
Production keywords in command → high
Production URLs/databases → high
Deploy-related commands → high
Development context → medium or low
Environment Variable Overrides Override guard level at runtime:
Temporarily Lower
Force Paranoid
Bypass (If Allowed)
# For trusted operations in prod environment VECTRA_GUARD_LEVEL = low vg exec "safe-script.sh"
VECTRAGUARD_BYPASS only works when guard_level.allow_user_bypass: true in config.
Bypass Configuration Control whether users can override protection:
guard_level : level : auto allow_user_bypass : true # Allow env var override bypass_env_var : VECTRAGUARD_BYPASS # Custom var name
Development
CI/CD
Production
guard_level : level : auto allow_user_bypass : true # Allow bypasses in dev
Developers can override when needed: VECTRA_GUARD_LEVEL = low vg exec "trusted-script"
guard_level : level : high allow_user_bypass : false # No bypasses in CI
Prevents interactive prompts in automation:
Auto-deny on suspicious commands
Predictable behavior
Full audit trail
guard_level : level : paranoid allow_user_bypass : false # No bypasses in prod
Maximum security:
No way to bypass protection
Every command requires approval
Complete accountability
Guard Level Comparison Level Critical High Medium Low Best For off✅ Allow ✅ Allow ✅ Allow ✅ Allow Testing only low❌ Block ⚠️ Warn ✅ Allow ✅ Allow Trusted dev medium❌ Block ❌ Block ⚠️ Warn ✅ Allow Team dev high❌ Block ❌ Block ❌ Block ✅ Allow CI/CD paranoid❌ Block ❌ Block ❌ Block ❌ Block Production auto🤖 Smart 🤖 Smart 🤖 Smart 🤖 Smart Recommended
❌ Block = Requires explicit approval
⚠️ Warn = Shows warning but allows
✅ Allow = Executes automatically
🤖 Smart = Adjusts based on context
Real-World Examples
Example 1: Development Workflow
guard_level : level : auto allow_user_bypass : true
Scenario: # On feature branch - uses low/medium level git checkout feature/auth vg exec "npm install" # ✅ Allowed vg exec "npm test" # ✅ Allowed vg exec "git push" # ✅ Allowed # Switch to main branch - bumps to paranoid git checkout main vg exec "npm publish" # ❌ Requires approval vg exec "git push" # ❌ Requires approval
Example 2: CI/CD Pipeline
guard_level : level : high allow_user_bypass : false # No interactive prompts
Scenario: # In CI environment vg exec "npm ci" # ✅ Allowed (low risk) vg exec "npm test" # ✅ Allowed (low risk) vg exec "npm run build" # ✅ Allowed (low risk) vg exec "curl | sh" # ❌ Auto-denied (high risk) vg exec "rm -rf node_modules" # ⚠️ Sandboxed (medium risk)
Example 3: Production Deployment
guard_level : level : paranoid allow_user_bypass : false
Scenario: # Every command requires explicit approval vg exec "ls" # ❌ Requires approval vg exec "cat config.json" # ❌ Requires approval vg exec "./deploy.sh" # ❌ Requires approval vg exec "git status" # ❌ Requires approval # User must explicitly approve each operation # Full audit trail created
Example 4: Contextual Detection
guard_level : level : auto production_indicators : branches : - main - release keywords : - prod - production
Scenario: # On dev branch, safe command git checkout dev/feature vg exec "npm install" # → low (allowed) # On dev branch, production keyword in command vg exec "deploy-to-prod.sh" # → high (requires approval) # On main branch, any command git checkout main vg exec "git log" # → paranoid (requires approval)
Approval Thresholds Fine-tune what requires approval:
guard_level : level : medium require_approval_above : medium # Require approval for medium+ severity
Setting Behavior lowApprove low, medium, high, critical mediumApprove medium, high, critical highApprove high, critical criticalApprove critical only
Testing Your Configuration Validate guard level behavior:
# Test auto-detection vg explain "deploy-to-production.sh" vg explain "npm install" vg explain "curl https://api.prod.company.com" # Dry run vg exec --dry-run "risky-command" # View current level vg init --show-config | grep guard_level
Best Practices
Use Auto Start with level: auto and let Vectra Guard intelligently adjust protection.
Customize Indicators Add your organization’s production patterns to production_indicators.
No Bypasses in Prod Set allow_user_bypass: false in production environments.
Test Detection Use vg explain to test how commands are evaluated.
Troubleshooting
Auto-detection too aggressive
Solutions:
Adjust production indicators to be more specific
Use explicit level: level: medium
Override with env var: VECTRA_GUARD_LEVEL=low
Solutions:
Add your patterns to production_indicators.keywords
Add your branches to production_indicators.branches
Use explicit level: level: high or level: paranoid
Too many approvals required
Solutions:
Lower guard level: level: medium or level: low
Add safe commands to allowlist
Use auto mode: level: auto
Next Steps
Sandbox Config Configure where commands run (sandbox modes)
Presets Use pre-configured guard levels for common scenarios