Firewall Management MPI v3.2

Package firewall rules, suppression policies, alerting, and CI/CD integration

Skill and extension policies moved to Firewall Skills.

Firewall Rules 0

Firewall Skills

These are sample pre-built firewall rule policies you can activate and customize.

Block Confirmed Malware

MPI confidence ≥ 75% + active compromise → block

Quarantine New Packages

Packages less than 48 hours old → warn

Block Credential Theft

RS-001 or NS-004 signals → block

Block Install Hook Abuse

CS-002 + package < 7 days → block

Warn High PS-OSS Risk

PS-OSS score ≥ 80 → warn

Name Pattern Type Ecosystem Action Priority Fire Count Status Actions
Loading firewall rules...

Suppression Rules 0

Best-Practice Suppression Templates (Not Active by Default)

These templates are recommendations. Activating one creates a disabled draft that you can review before enabling.

Template Pattern Reason Status Action
Loading suppression templates...
ID Pattern Reason Suppresses Fire Count Source Actions
Loading suppression rules...

Slack Alert Configuration

Checking global configuration...
Open Global Alert Settings
Used only when global configuration is disabled for this firewall workflow.
0
Total Rules
0
Total Fires Today
0
Blocked Packages
0
Active IOCs

Rules Fired (Last 7 Days)

Ecosystem Breakdown

Latest Malware Sightings

Package Version Ecosystem Threat Type Tags Confirmed
Loading sightings...

GitHub Actions

Block malicious packages in your GitHub Actions CI pipeline before they reach production.

name: Phoenix Firewall Check
on: [push, pull_request]
jobs:
  firewall-scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Phoenix Firewall Scan
        run: |
          curl -sSf $PHOENIX_API/firewall/scan \
            -H "Authorization: Bearer ${{ secrets.PHOENIX_TOKEN }}" \
            -d @package-lock.json
        env:
          PHOENIX_API: https://your-instance.cvedetails.io/api/v1/malware-intel

GitLab CI

Integrate Phoenix firewall checks into your GitLab CI/CD pipeline stages.

phoenix-firewall:
  stage: test
  image: curlimages/curl:latest
  script:
    - |
      curl -sSf $PHOENIX_API/firewall/scan \
        -H "Authorization: Bearer $PHOENIX_TOKEN" \
        -d @package-lock.json
  variables:
    PHOENIX_API: "https://your-instance.cvedetails.io/api/v1/malware-intel"

Jenkins

Add Phoenix firewall scanning to your Jenkins declarative or scripted pipelines.

pipeline {
  agent any
  stages {
    stage('Phoenix Firewall') {
      steps {
        withCredentials([string(
          credentialsId: 'phoenix-token',
          variable: 'TOKEN')]) {
          sh '''
            curl -sSf $PHOENIX_API/firewall/scan \
              -H "Authorization: Bearer $TOKEN" \
              -d @package-lock.json
          '''
        }
      }
    }
  }
}

Setup Instructions

  1. Generate an API token from your User Dashboard (Pro or Enterprise tier required).
  2. Store the token as a secret in your CI/CD platform (e.g., PHOENIX_TOKEN).
  3. Copy the appropriate template above into your pipeline configuration.
  4. Replace your-instance.cvedetails.io with your Phoenix Security instance URL.
  5. The scan endpoint accepts package-lock.json, yarn.lock, requirements.txt, Gemfile.lock, go.sum, and pom.xml.
  6. The pipeline will fail with exit code 1 if any blocked packages are detected.

Deploy the Phoenix Security Blue Shield firewall to block malicious and vulnerable packages before they reach your machines, CI pipelines, and AI coding agents. Generate a firewall API key below, then copy a ready-to-run install command — the key is injected automatically.

1 Automated configuration — firewall API key

The firewall authenticates to your Phoenix instance with a scoped API key (api_firewall). Generate one here and it will be wired into the install commands and the export PHOENIX_API_KEY snippet below.

Manage keys in User Dashboard
export PHOENIX_API_KEY=phx_your_key_here

2 Blue Shield Firewall — proxy & endpoint

Single Go binary with two modes: proxy mode (MITM on :8080 for CI/CD) and endpoint mode (PATH shims for developer workstations). Repository: Security-Phoenix-demo/blue-shield-firewall.

Install (macOS / Linux)

One-line installer — downloads the latest binary, no root required.

curl -sSfL https://raw.githubusercontent.com/Security-Phoenix-demo/blue-shield-firewall/main/scripts/install.sh | bash

Install (Windows / PowerShell)

Run in an elevated or user PowerShell session.

irm https://raw.githubusercontent.com/Security-Phoenix-demo/blue-shield-firewall/main/scripts/install.ps1 | iex

Proxy mode (CI/CD or dev)

Start the proxy and inject HTTPS_PROXY + CA into the current shell, then run installs.

eval $(phoenix-firewall proxy --api-key $PHOENIX_API_KEY --ci)
npm ci
pip install -r requirements.txt

Endpoint mode (workstation)

Install userland PATH shims once, then enroll with your API key.

phoenix-firewall init
phoenix-firewall enroll --api-key $PHOENIX_API_KEY

GitHub Action

Drop the action into a workflow step; store the key as a repo secret.

- uses: Security-Phoenix-demo/firewall-action@v1
  with:
    api-key: ${{ secrets.PHOENIX_API_KEY }}

Pre-built binaries

PlatformArtifact
macOS (Apple Silicon)phoenix-firewall_<ver>_darwin_arm64.tar.gz
macOS (Intel)phoenix-firewall_<ver>_darwin_amd64.tar.gz
Linux x86_64phoenix-firewall_<ver>_linux_amd64.tar.gz
Linux ARM64phoenix-firewall_<ver>_linux_arm64.tar.gz
Windows x86_64phoenix-firewall_<ver>_windows_amd64.zip
Download latest release Install guide & docs

3 Blue Shield Firewall Agents — AI coding agents

NPM packages, shell hooks, and an MCP server that protect AI coding agents (Claude Code, Cursor, Codex, Windsurf, Cline, Aider, Copilot, Antigravity). Repository: Security-Phoenix-demo/blue-shield-agent-firewall.

Quick start

Scaffold config, detect installed agents, and install the Claude Code hook.

export PHOENIX_API_KEY=phx_your_key_here
npx @phoenix-security/cli init
npx @phoenix-security/cli install-hooks claude-code

MCP server

Expose the phoenix_* tools to any MCP-capable agent.

npx -y @phoenix-security/mcp-firewall

Install CLI globally

Install the CLI for repeated use, then scan a lockfile.

npm install -g @phoenix-security/cli
phoenix-firewall scan package-lock.json
Latest release Agent hub docs