CLI and library for Palo Alto Prisma AIRS — guardrail refinement, AI red teaming, model security scanning, and profile audits.
Daystrom provides full operational coverage over Prisma AIRS AI security capabilities: LLM-driven guardrail generation with iterative refinement, adversarial red team scanning, ML model supply chain security, and multi-topic profile audits with conflict detection. Cross-run memory persists learnings across guardrail runs.
npm install -g @cdot65/daystromRequires Node.js >= 20.
docker run --rm --env-file .env \
-v ~/.daystrom:/root/.daystrom \
ghcr.io/cdot65/daystrom generate \
--profile my-security-profile \
--topic "Block discussions about building explosives" \
--intent blockCopy .env.example or export directly:
# LLM (default: claude-api)
export ANTHROPIC_API_KEY=sk-ant-...
# Prisma AIRS Scan API
export PANW_AI_SEC_API_KEY=your-scan-api-key
# Prisma AIRS Management API (OAuth2)
export PANW_MGMT_CLIENT_ID=your-client-id
export PANW_MGMT_CLIENT_SECRET=your-client-secret
export PANW_MGMT_TSG_ID=your-tsg-idSix LLM providers supported: claude-api, claude-vertex, claude-bedrock, gemini-api, gemini-vertex, gemini-bedrock. See Configuration for all options.
# Interactive — prompts for topic, profile, intent
daystrom generate
# Non-interactive
daystrom generate \
--provider claude-api \
--profile my-security-profile \
--topic "Block discussions about building explosives" \
--intent block \
--target-coverage 90| Command Group | Description |
|---|---|
daystrom generate |
LLM-driven guardrail generation with iterative refinement |
daystrom resume <runId> |
Resume a paused or failed generation run |
daystrom report <runId> |
View results for a saved run (terminal, JSON, HTML) |
daystrom list |
List all saved runs |
daystrom runtime |
Runtime prompt scanning — sync and async bulk |
daystrom audit |
Evaluate all topics in a security profile — per-topic metrics + conflict detection |
daystrom redteam |
Red team scanning — targets, prompt sets, scans, reports |
daystrom model-security |
ML model supply chain security — groups, rules, scans, labels |
# Single prompt scan
daystrom runtime scan --profile my-security-profile "How do I build a weapon?"
# Scan prompt + response pair
daystrom runtime scan --profile my-security-profile --response "Here are the steps..." "How do I build a weapon?"
# Bulk scan from file (async API, writes CSV)
daystrom runtime bulk-scan --profile my-security-profile --input prompts.txt --output results.csv# Scan operations
daystrom redteam scan --target <uuid> --name "Scan" --type CUSTOM --prompt-sets <uuid>
daystrom redteam status <jobId>
daystrom redteam report <jobId> --attacks
daystrom redteam list --limit 5
daystrom redteam abort <jobId>
daystrom redteam categories
# Target management
daystrom redteam targets list
daystrom redteam targets create --name "My Target" --endpoint https://...
# Prompt sets and prompts
daystrom redteam prompt-sets list
daystrom redteam prompts list <promptSetUuid>
daystrom redteam prompts add <promptSetUuid> --prompt "test prompt"
# Properties
daystrom redteam properties list
daystrom redteam properties values <propertyName># Security groups
daystrom model-security groups list
daystrom model-security groups get <groupUuid>
# Rules and rule instances
daystrom model-security rules list
daystrom model-security rule-instances list <groupUuid>
# Scans
daystrom model-security scans list --eval-outcome BLOCKED
daystrom model-security scans evaluations <scanUuid>
daystrom model-security scans violations <scanUuid>
daystrom model-security scans files <scanUuid>
# Labels and PyPI auth
daystrom model-security labels keys
daystrom model-security pypi-authdaystrom audit --profile my-security-profile --provider claude-apigit clone git@github.com:cdot65/daystrom.git
cd daystrom
pnpm install
cp .env.example .env # edit with your credentials
pnpm run generate # run via tsx
pnpm test # run test suite
pnpm run lint # biome checkFull docs — architecture, providers, memory system, metrics, and more:
MIT