A simple CLI tool for managing Vercel Firewall rules as code, enabling version control and automated deployment of your project's security configuration.
- 🔒 Manage Firewall Rules: Create, update, and delete Vercel Firewall rules using a simple configuration file
- 🔄 Sync Rules: Easily sync rules between your configuration file and Vercel
- ⬇️ Download Rules: Import existing firewall rules from your Vercel project
- ✅ Validation: Built-in configuration validation to prevent errors
- 📋 List Rules: View current firewall rules in table or JSON format
- 🚀 CI/CD Integration: Automate firewall rule management in your deployment pipeline
npm install vercel-doorman
# or
yarn add vercel-doorman
# or
pnpm add vercel-doormanCreate a vercel-firewall.config.json file in your project root. The configuration file supports JSON Schema for enhanced IDE features like autocompletion and validation:
{
"$schema": "https://doorman.griffen.codes/schema.json",
"projectId": "your-project-id",
"teamId": "your-team-id",
"rules": [],
"ips": []
}To get started with adding new rules to your configuration file
- Use the
templatecommand to add one of vercel's predefined rule templates to your configuration file. - Refer to the /examples directory for examples of custom rules.
First, create a Vercel API Token with appropriate permissions.
vercel-doorman list [configVersion] --token YOUR_TOKENLists firewall rules, either the current active configuration or a specific version.
Options:
configVersion: Optional version number to fetch a specific configuration version--projectId, -p: Vercel Project ID--teamId, -t: Vercel Team ID--token: Vercel API token--format, -f: Output format (json or table, defaults to table)
Examples:
# List current active rules
vercel-doorman list
# List rules from a specific version
vercel-doorman list 1
# List specific version in JSON format
vercel-doorman list 2 --format jsonvercel-doorman sync --token YOUR_TOKENOptions:
--config, -c: Path to config file (defaults to vercel-firewall.config.json)--projectId, -p: Vercel Project ID (can be set in config file)--teamId, -t: Vercel Team ID (can be set in config file)--token: Vercel API token
vercel-doorman download [configVersion] --token YOUR_TOKENDownloads firewall rules from your Vercel project and updates your local configuration file. You can download either the current active configuration or a specific version. Includes a confirmation prompt before making changes.
Options:
configVersion: Optional version number to download a specific configuration version--config, -c: Path to config file (defaults to vercel-firewall.config.json)--projectId, -p: Vercel Project ID (can be set in config file)--teamId, -t: Vercel Team ID (can be set in config file)--token: Vercel API token--dry-run, -d: Preview changes without modifying the config file
Example workflows:
# Download latest configuration
# First, preview the rules
vercel-doorman download --dry-run
# Then download and update the config
vercel-doorman download
# Download specific version
# First, preview the rules from version 1
vercel-doorman download 1 --dry-run
# Then download version 1 and update the config
vercel-doorman download 1vercel-doorman template [templateName]Adds a predefined rule template to your configuration file. If no templateName argument is provided, a list of available templates will be displayed instead.
Learn more about Vercel's Firewall templates here.
Options:
templateName: Name of the template to add
Example:
# Select a template to add
vercel-doorman template
# Block traffic to Wordpress URLs
vercel-doorman template wordpress
# Block traffic from AI Bots
vercel-doorman template ai-botsvercel-doorman validateOptions:
--config, -c: Path to config file (defaults to vercel-firewall.config.json)--verbose, -v: Show detailed validation results
Instead of passing command-line arguments, you can set these environment variables:
VERCEL_TOKEN: Your Vercel API tokenVERCEL_PROJECT_ID: Your Vercel project IDVERCEL_TEAM_ID: Your Vercel team ID
Contributions are welcome!
This project is licensed under the MIT License - see the LICENSE file for details.