CLI Commands

Zero-to-governed in 60 seconds. Auto-discovers your MCP configs, wraps every server with the security proxy, generates baseline policies, and shows a before/after coverage score.

--config <path> --dry-run --skip-policy --no-color

Initialize Navil and connect to the cloud. Creates ~/.navil/config.yaml with your API key and sync settings.

--api-key <key>

Analyze MCP configuration for security vulnerabilities (hardcoded credentials, insecure protocols, malicious patterns)

--format text|sarif|json --output <path>

Wrap all MCP servers in your config with Navil’s transparent security shim. Agents connect as usual — Navil intercepts and inspects every tool call.

--only <servers> --skip <servers> --policy <path> --dry-run --undo

Wrap a single stdio MCP server binary with Navil security checks. Supports policy enforcement and scope filtering.

--agent <name> --policy <path>

Start the security proxy — intercepts and inspects MCP traffic in real-time with JSON-RPC inspection

--target <url> --port <port> --verbose --require-auth

Check if a specific tool call would be allowed by the current policy.

--tool <name> --agent <name> --action <action>

Generate an initial security policy from observed behavioral baselines (zero-config onboarding).

Launch the local web dashboard for visual security monitoring. Open http://localhost:8484 in your browser.

--host <addr> --port <port> --no-demo

Link this machine to your Navil Cloud account. Opens a browser window for authentication.

Disconnect from cloud. Anonymous sharing continues — only removes API key from local config.

Show current cloud connection status (enrolled org, tier, machine ID, sync state).

Run adversarial attack scenarios against your Navil instance to verify detection coverage across all 11 anomaly types

--json --output <path>

Populate ML baselines with simulated agent traffic (82K+ invocations). Required on first run for anomaly detection to work.

--full --export