Firewall Management MPI v3.2
Package firewall rules, suppression policies, alerting, and CI/CD integration
Skill and extension policies moved to Firewall Skills.
Firewall Rules 0
These are sample pre-built firewall rule policies you can activate and customize.
Block Confirmed Malware
MPI confidence ≥ 75% + active compromise → block
Quarantine New Packages
Packages less than 48 hours old → warn
Block Credential Theft
RS-001 or NS-004 signals → block
Block Install Hook Abuse
CS-002 + package < 7 days → block
Warn High PS-OSS Risk
PS-OSS score ≥ 80 → warn
| Name | Pattern | Type | Ecosystem | Action | Priority | Fire Count | Status | Actions |
|---|---|---|---|---|---|---|---|---|
| Loading firewall rules... | ||||||||
Suppression Rules 0
Best-Practice Suppression Templates (Not Active by Default)
These templates are recommendations. Activating one creates a disabled draft that you can review before enabling.
| Template | Pattern | Reason | Status | Action |
|---|---|---|---|---|
| Loading suppression templates... | ||||
| ID | Pattern | Reason | Suppresses | Fire Count | Source | Actions |
|---|---|---|---|---|---|---|
| Loading suppression rules... | ||||||
Slack Alert Configuration
Rules Fired (Last 7 Days)
Ecosystem Breakdown
Latest Malware Sightings
| Package | Version | Ecosystem | Threat Type | Tags | Confirmed |
|---|---|---|---|---|---|
| Loading sightings... | |||||
GitHub Actions
Block malicious packages in your GitHub Actions CI pipeline before they reach production.
name: Phoenix Firewall Check
on: [push, pull_request]
jobs:
firewall-scan:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Phoenix Firewall Scan
run: |
curl -sSf $PHOENIX_API/firewall/scan \
-H "Authorization: Bearer ${{ secrets.PHOENIX_TOKEN }}" \
-d @package-lock.json
env:
PHOENIX_API: https://your-instance.cvedetails.io/api/v1/malware-intel
GitLab CI
Integrate Phoenix firewall checks into your GitLab CI/CD pipeline stages.
phoenix-firewall:
stage: test
image: curlimages/curl:latest
script:
- |
curl -sSf $PHOENIX_API/firewall/scan \
-H "Authorization: Bearer $PHOENIX_TOKEN" \
-d @package-lock.json
variables:
PHOENIX_API: "https://your-instance.cvedetails.io/api/v1/malware-intel"
Jenkins
Add Phoenix firewall scanning to your Jenkins declarative or scripted pipelines.
pipeline {
agent any
stages {
stage('Phoenix Firewall') {
steps {
withCredentials([string(
credentialsId: 'phoenix-token',
variable: 'TOKEN')]) {
sh '''
curl -sSf $PHOENIX_API/firewall/scan \
-H "Authorization: Bearer $TOKEN" \
-d @package-lock.json
'''
}
}
}
}
}
Setup Instructions
- Generate an API token from your User Dashboard (Pro or Enterprise tier required).
- Store the token as a secret in your CI/CD platform (e.g.,
PHOENIX_TOKEN). - Copy the appropriate template above into your pipeline configuration.
- Replace
your-instance.cvedetails.iowith your Phoenix Security instance URL. - The scan endpoint accepts
package-lock.json,yarn.lock,requirements.txt,Gemfile.lock,go.sum, andpom.xml. - The pipeline will fail with exit code 1 if any blocked packages are detected.
Deploy the Phoenix Security Blue Shield firewall to block malicious and vulnerable packages before they reach your machines, CI pipelines, and AI coding agents. Generate a firewall API key below, then copy a ready-to-run install command — the key is injected automatically.
1 Automated configuration — firewall API key
The firewall authenticates to your Phoenix instance with a scoped API key
(api_firewall). Generate one here and it will be wired into the
install commands and the export PHOENIX_API_KEY snippet below.
export PHOENIX_API_KEY=phx_your_key_here
2 Blue Shield Firewall — proxy & endpoint
Single Go binary with two modes: proxy mode (MITM on
:8080 for CI/CD) and endpoint mode (PATH shims for
developer workstations). Repository:
Security-Phoenix-demo/blue-shield-firewall.
Install (macOS / Linux)
One-line installer — downloads the latest binary, no root required.
curl -sSfL https://raw.githubusercontent.com/Security-Phoenix-demo/blue-shield-firewall/main/scripts/install.sh | bash
Install (Windows / PowerShell)
Run in an elevated or user PowerShell session.
irm https://raw.githubusercontent.com/Security-Phoenix-demo/blue-shield-firewall/main/scripts/install.ps1 | iex
Proxy mode (CI/CD or dev)
Start the proxy and inject HTTPS_PROXY + CA into the current shell, then run installs.
eval $(phoenix-firewall proxy --api-key $PHOENIX_API_KEY --ci)
npm ci
pip install -r requirements.txt
Endpoint mode (workstation)
Install userland PATH shims once, then enroll with your API key.
phoenix-firewall init
phoenix-firewall enroll --api-key $PHOENIX_API_KEY
GitHub Action
Drop the action into a workflow step; store the key as a repo secret.
- uses: Security-Phoenix-demo/firewall-action@v1
with:
api-key: ${{ secrets.PHOENIX_API_KEY }}
Pre-built binaries
| Platform | Artifact |
|---|---|
| macOS (Apple Silicon) | phoenix-firewall_<ver>_darwin_arm64.tar.gz |
| macOS (Intel) | phoenix-firewall_<ver>_darwin_amd64.tar.gz |
| Linux x86_64 | phoenix-firewall_<ver>_linux_amd64.tar.gz |
| Linux ARM64 | phoenix-firewall_<ver>_linux_arm64.tar.gz |
| Windows x86_64 | phoenix-firewall_<ver>_windows_amd64.zip |
3 Blue Shield Firewall Agents — AI coding agents
NPM packages, shell hooks, and an MCP server that protect AI coding agents (Claude Code, Cursor, Codex, Windsurf, Cline, Aider, Copilot, Antigravity). Repository: Security-Phoenix-demo/blue-shield-agent-firewall.
Quick start
Scaffold config, detect installed agents, and install the Claude Code hook.
export PHOENIX_API_KEY=phx_your_key_here
npx @phoenix-security/cli init
npx @phoenix-security/cli install-hooks claude-code
MCP server
Expose the phoenix_* tools to any MCP-capable agent.
npx -y @phoenix-security/mcp-firewall
Install CLI globally
Install the CLI for repeated use, then scan a lockfile.
npm install -g @phoenix-security/cli
phoenix-firewall scan package-lock.json