A simple CLI tool for managing Vercel Firewall rules as code, enabling version control and automated deployment of your project's security configuration.
- 🔒 Manage Firewall Rules: Create, update, and delete Vercel Firewall rules using a simple configuration file
- 🔄 Sync Rules: Easily sync rules between your configuration file and Vercel
- ⬇️ Download Rules: Import existing firewall rules from your Vercel project
- ✅ Validation: Built-in configuration validation to prevent errors
- 📋 List Rules: View current firewall rules in table or JSON format
- 🚀 CI/CD Integration: Automate firewall rule management in your deployment pipeline
npm install vercel-doorman
# or
yarn add vercel-doorman
# or
pnpm add vercel-doormanCreate a vercel-firewall.config.json file in your project root:
{
"projectId": "your-project-id",
"teamId": "your-team-id",
"rules": [
{
"name": "block-country",
"type": "country",
"action": "deny",
"values": ["CN", "RU"],
"active": true,
"description": "Block traffic from specific countries"
},
{
"name": "rate-limit-api",
"type": "path",
"values": ["/api"],
"active": true,
"description": "Rate limit API endpoints",
"action": {
"type": "log",
"rateLimit": {
"requests": 100,
"window": "60s"
},
"duration": "1h"
}
},
{
"name": "redirect-legacy",
"type": "path",
"values": ["/old-path"],
"active": true,
"description": "Redirect legacy paths",
"action": {
"type": "allow",
"redirect": {
"location": "/new-path",
"permanent": false // or true
}
}
}
]
}First, create a Vercel API Token with appropriate permissions.
vercel-doorman list [configVersion] --token YOUR_TOKENLists firewall rules, either the current active configuration or a specific version.
Options:
configVersion: Optional version number to fetch a specific configuration version--projectId, -p: Vercel Project ID--teamId, -t: Vercel Team ID--token: Vercel API token--format, -f: Output format (json or table, defaults to table)
Examples:
# List current active rules
vercel-doorman list
# List rules from a specific version
vercel-doorman list 1
# List specific version in JSON format
vercel-doorman list 2 --format jsonvercel-doorman sync --token YOUR_TOKENOptions:
--config, -c: Path to config file (defaults to vercel-firewall.config.json)--projectId, -p: Vercel Project ID (can be set in config file)--teamId, -t: Vercel Team ID (can be set in config file)--token: Vercel API token
vercel-doorman download [configVersion] --token YOUR_TOKENDownloads firewall rules from your Vercel project and updates your local configuration file. You can download either the current active configuration or a specific version. Includes a confirmation prompt before making changes.
Options:
configVersion: Optional version number to download a specific configuration version--config, -c: Path to config file (defaults to vercel-firewall.config.json)--projectId, -p: Vercel Project ID (can be set in config file)--teamId, -t: Vercel Team ID (can be set in config file)--token: Vercel API token--dry-run, -d: Preview changes without modifying the config file
Example workflows:
# Download latest configuration
# First, preview the rules
vercel-doorman download --dry-run
# Then download and update the config
vercel-doorman download
# Download specific version
# First, preview the rules from version 1
vercel-doorman download 1 --dry-run
# Then download version 1 and update the config
vercel-doorman download 1vercel-doorman validateOptions:
--config, -c: Path to config file (defaults to vercel-firewall.config.json)--verbose, -v: Show detailed validation results
Instead of passing command-line arguments, you can set these environment variables:
VERCEL_TOKEN: Your Vercel API tokenVERCEL_PROJECT_ID: Your Vercel project IDVERCEL_TEAM_ID: Your Vercel team ID
Contributions are welcome!
This project is licensed under the MIT License - see the LICENSE file for details.