Quickstart Get Vectra Guard running and execute your first protected command in under 5 minutes.
What you’ll achieve After following this guide:
Commands run with vectra-guard exec will be protected
Risky commands will be caught or sandboxed automatically
Full audit trail of everything executed
CVE scanning for known vulnerable dependencies
Secret and code scanning capabilities
Install Vectra Guard
Install with a single command: macOS and Linux: curl -fsSL https://raw.githubusercontent.com/xadnavyaai/vectra-guard/main/install.sh | bash
Windows (PowerShell): irm https: // raw.githubusercontent.com / xadnavyaai / vectra - guard / main / scripts / install-windows.ps1 | iex
The installer defaults to user-space ($HOME/.local/bin on Unix, %LOCALAPPDATA%\VectraGuard on Windows). Ensure the install directory is on your PATH. The installer will prompt to add the install directory to your PATH automatically. For this shell session, run: export PATH = " $PATH : $HOME /.local/bin" alias vg = 'vectra-guard'
Start a session
Sessions enable command tracking and audit trails: SESSION = $( vectra-guard session start --agent "manual" ) export VECTRAGUARD_SESSION_ID = $SESSION
The session ID is stored in $VECTRAGUARD_SESSION_ID. All commands executed within this session will be tracked.
Verify the session started: echo $VECTRAGUARD_SESSION_ID
Expected output:
Run your first protected command
Execute a simple command through Vectra Guard: vectra-guard exec -- echo "Hello, Vectra Guard!"
Expected output: The command executed successfully and was logged to your session. Use the vg alias for faster workflows: vg exec -- echo "Hello, Vectra Guard!"
Try a risky command
See how Vectra Guard handles potentially dangerous operations: vectra-guard exec -- rm -rf /tmp/test-file
Expected output: ⚠️ Risk detected: medium Command: rm -rf /tmp/test-file Reason: Recursive deletion detected [Command executed with monitoring]
The command was analyzed, risk level assessed, and logged for audit. High-risk commands like rm -rf / or rm -rf /etc are blocked automatically and will not execute.
Audit your session
Review what commands were executed: vectra-guard audit session
Example output: Session: session-1234567890 Agent: manual Started: 2026-03-03T10:30:00Z Commands executed: 1. [2026-03-03T10:30:15Z] echo "Hello, Vectra Guard!" (low risk) 2. [2026-03-03T10:31:22Z] rm -rf /tmp/test-file (medium risk) Total commands: 2 High risk: 0 Medium risk: 1 Low risk: 1
You can also view a specific session: vectra-guard session show $VECTRAGUARD_SESSION_ID
Validate a script
Check a script for security risks without executing it: vectra-guard validate my-script.sh
Example output: Validating: my-script.sh ✅ Script analysis complete Risk level: LOW No critical issues found.
For a detailed explanation of risks: vectra-guard explain my-script.sh
Run a CVE scan
Scan your project for known vulnerabilities: # Sync the CVE database (first time only) vectra-guard cve sync --path . # Scan for vulnerabilities vectra-guard cve scan --path .
Example output: Scanning for CVEs in: . Found vulnerabilities: - [email protected] (HIGH): Prototype pollution CVE-2020-8203 Total packages scanned: 847 Vulnerabilities found: 1
Get details about a specific vulnerability: Common workflows Daily development # Start your day with a new session SESSION = $( vg session start --agent "manual" ) export VECTRAGUARD_SESSION_ID = $SESSION # Install dependencies safely vg exec -- npm install # Run tests vg exec -- npm test # Review what you did vg audit session
Working with AI agents # Session automatically tracks AI-suggested commands vg exec -- npm install express vg exec -- npm run build # Review what the AI did vg session show $VECTRAGUARD_SESSION_ID
Validating deployment scripts # Check a script before running vg validate deploy.sh # Get detailed risk explanation vg explain deploy.sh # If safe, execute it vg exec -- ./deploy.sh
Sandbox mode By default, Vectra Guard runs all commands in a sandbox for maximum security with intelligent caching for 10x faster installs.
# All commands run in sandbox (default) vg exec -- npm install # First run: normal speed vg exec -- npm install # Subsequent runs: 10x faster with cache
Cache directories like ~/.npm, ~/.cache/pip, ~/.cargo, etc. are automatically mounted into the sandbox, giving you speed without sacrificing security.
Trust store Approve frequently used commands to skip the sandbox:
# Run with interactive approval vg exec --interactive -- npm test # Options: # y - Yes, run once # r - Yes, and remember (trust permanently) # n - No, cancel Choose: r # Now 'npm test' runs instantly on host vg exec -- npm test # ⚡ Instant, no sandbox
Manage trusted commands:
# List trusted commands vg trust list # Add a trusted command vg trust add "npm run dev" --note "Dev server" # Remove a trusted command vg trust remove "npm test"
Next steps
Installation guide Detailed installation instructions and troubleshooting
Configuration Configure policies, sandbox settings, and more
Session management Learn about sessions and audit trails
CVE scanning Deep dive into vulnerability scanning
Run vg help to see all available commands, or vg help <command> for detailed usage of a specific command.