SecureNow CLI

A full-featured command line interface for managing applications, investigating threats, analyzing traces, running forensic queries, and automating security workflows.

⚡

Auto-Instrument

Run any Node.js app with built-in OpenTelemetry tracing.

🔍

Investigate

Natural language forensic queries and IP intelligence lookup.

🛡️

Protect

Manage blocklists, firewall rules, and alert channels.

Quick Start

bash

# Install
npm install -g securenow

# Authenticate
securenow login

# Run your app with auto-instrumentation
securenow run src/index.js

# Check dashboard overview
securenow status

Installation

Install the securenow package globally or as a project dependency. It includes the CLI binary, the Node.js SDK, and framework integrations (Next.js, Nuxt, Express).

Global (recommended for CLI usage)

bash

npm install -g securenow

Project dependency

bash

npm install securenow

Run without installing

bash

npx securenow help

Requires: Node.js 18 or later. The CLI is a CommonJS package and works on macOS, Linux, and Windows.

Authentication

Most CLI commands require authentication. Login opens a browser flow or accepts a token directly. Credentials (session token, default app, firewall API key) are stored in ./.securenow/credentials.json by default, or ~/.securenow/credentials.json with --global.

Since v7.1.0, the browser login has an extra step: after you pick the app, it asks "Enable the Firewall?". Saying yes mints an API key scoped to firewall sync and drops it into your credentials file — the firewall then activates on next app start with no env var to manage.

securenow login

Authenticate with SecureNow. Opens a browser-based login flow by default, now with an optional firewall-onboarding step.

Flag	Description
--token <TOKEN>	Skip browser flow and use a token directly
--global	Save to ~/.securenow/ instead of the project-local .securenow/

bash

securenow login
securenow login --global
securenow login --token eyJhbGciOi...

securenow logout

Clear stored credentials from this machine.

bash

securenow logout

securenow whoami

Show current session info: email, user ID, API URL, token expiry, and default app.

bash

securenow whoami

api-key

Manage the firewall API key stored in .securenow/credentials.json. Introduced in v7.1.0 so you don't have to juggle SECURENOW_API_KEY in a .env file. On app start, the SDK resolves the key from env first (only if it starts with snk_live_), then the project creds file, then the global creds file.

securenow api-key set

Save a snk_live_ API key to the credentials file. Validates the prefix and auto-adds .securenow/ to .gitignore.

$ securenow api-key set <snk_live_...> [--global]

Flag	Description
--global	Save to ~/.securenow/ instead of project-local

bash

securenow api-key set snk_live_xxxxxxxxxxxxxxxx
securenow api-key set snk_live_xxxxxxxxxxxxxxxx --global

securenow api-key show

Print the currently-resolved API key (masked) and its source file.

bash

securenow api-key show

securenow api-key clear

Remove just the stored API key; leaves session token and app selection intact.

Flag	Description
--global	Clear from ~/.securenow/ instead of project-local

bash

securenow api-key clear
securenow api-key clear --global

Configuration

CLI configuration is stored in ~/.securenow/config.json. You can also set values via environment variables.

Config Key	Env Variable	Default	Description
apiUrl	SECURENOW_API_URL	https://api.securenow.ai	API base URL
appUrl	SECURENOW_APP_URL	https://app.securenow.ai	Dashboard URL
defaultApp	SECURENOW_APP	—	Default application API key
output	—	text	Output format (text or json)

bash

# Set default app key
securenow config set defaultApp sk_live_abc123

# Get a config value
securenow config get apiUrl

# Show all config
securenow config get

# Show config file paths
securenow config path

Global Flags

These flags can be used with any command.

Flag	Short	Description
--json	-j	Output as JSON instead of formatted text
--help	—	Show help for a command
--verbose	-v	Show additional details in output
--force	-f	Skip confirmation prompts
--yes	-y	Alias for --force

Integration

Framework Setup

SecureNow auto-instruments your app with OpenTelemetry. Most frameworks need zero code changes — just a preload flag or one config line. See also: API Docs → SDK Installation | Download SKILL.md files

Express / Fastify / Koa / Hapi / NestJS

0 lines changed

bash

# Just add the preload flag — zero code changes
node -r securenow/register src/index.js

# Or use the CLI
npx securenow run src/index.js

# PM2 ecosystem.config.cjs
module.exports = {
  apps: [{
    script: './app.js',
    node_args: '-r securenow/register',
    env: {
      SECURENOW_APPID: 'my-app',
      SECURENOW_INSTANCE: 'https://your-collector:4318',
    },
  }],
};

Environment Variables

All variables the securenow npm package reads at runtime. Set them in .env, .env.local, or your hosting environment. See also: API Docs → Environment Variables

Variable	Default	Description
SECURENOW_APPID	(auto)	Application / service name. Without SECURENOW_NO_UUID=1, a UUID suffix is appended.
SECURENOW_INSTANCE	freetrial.securenow.ai:4318	OTLP collector base URL. Traces → /v1/traces, Logs → /v1/logs.

Run & Instrument

securenow run

Run a Node.js application with automatic OpenTelemetry instrumentation. Traces are sent to your configured SecureNow instance. Supports Node.js flags like --watch and --inspect.

$ securenow run [node-flags] [--firewall-only] <script> [app-args]

Flag	Description
--watch	Pass-through Node.js watch mode
--inspect	Pass-through Node.js inspector
--firewall-only	Preload firewall without OTel tracing overhead — pure IP blocking, no spans or logs

bash

securenow run src/index.js
securenow run --watch src/index.js
securenow run --inspect src/server.js --port 3000
securenow run --firewall-only app.js

Implicit mode: If you pass a file path as the first argument (e.g. securenow src/index.js), the CLI automatically treats it as securenow run src/index.js.

--firewall-only: swaps securenow/register for securenow/firewall-only at preload. Loads dotenv + the IP firewall; skips the entire OTel SDK. Ideal when you want zero-overhead IP blocking without observability.

securenow init

Initialize SecureNow instrumentation in your project. Sets up the environment variable with your API key.

$ securenow init [--key <API_KEY>]

Flag	Description
--key, --api-key	Application API key to write to your .env file

bash

securenow init
securenow init --key sk_live_abc123

Applications

securenow apps

Manage your monitored applications. Create, list, inspect, and delete apps, discover subdomains, and set a default app key for other commands.

$ securenow apps <subcommand> [options]

Subcommand	Description	Flags
list	List all applications	--json
create <name>	Create a new application	--hosts <domains> --instance <id> --json
info <id>	Show application details	--json
delete <id>	Delete an application	--force --yes
default <key>	Set a default application API key	—
discover [appId]	Discover subdomains and add as apps	--domain <domains> --instance <id>
scan	Scan all app domains for new subdomains	--yes --json

bash

# List all apps
securenow apps list

# Create an app linked to specific hosts
securenow apps create my-api --hosts api.example.com,www.example.com

# Set a default app for other commands
securenow apps default sk_live_abc123

# Discover subdomains
securenow apps discover --domain example.com

securenow status

Show a dashboard overview with app health, trace counts, alert status, and protection status.

$ securenow status [--app <key>]

Flag	Description
--app <key>	Show status for a specific application

bash

securenow status
securenow status --app sk_live_abc123

Observe

securenow traces

View and analyze HTTP request traces collected by the SecureNow SDK. List recent traces, inspect individual requests, or trigger AI analysis.

$ securenow traces <subcommand> [options]

Subcommand	Description	Flags
list	List recent traces	--app <key> --limit <n> --start <iso> --end <iso> --json
show <traceId>	Show trace details (headers, body, timing)	--app <key> --json
analyze <traceId>	Start AI analysis on a trace	--json

bash

# List last 10 traces
securenow traces list --app sk_live_abc --limit 10

# Inspect a specific trace
securenow traces show abc123-def456

# Run AI analysis on a suspicious trace
securenow traces analyze abc123-def456

securenow logs

View application logs. Filter by time window, severity level, or trace ID.

$ securenow logs <subcommand> [options]

Subcommand	Description	Flags
list	List recent logs	--app <key> --limit <n> --minutes <n> --start <iso> --end <iso> --level <severity> --verbose --json
trace <traceId>	Show logs for a specific trace	--json

bash

# Last 2 hours of ERROR logs
securenow logs list --app sk_live_abc --minutes 120 --level ERROR

# Show logs for a specific trace
securenow logs trace abc123-def456

# Verbose output with trace/span IDs
securenow logs list --app sk_live_abc --verbose

securenow analytics

View aggregated response analytics for your applications. Shows traffic patterns and response code distribution.

$ securenow analytics [--app <key>] [--instance <id>] [--json]

Flag	Description
--app <key>	Filter by application
--instance <id>	Filter by ClickHouse instance
--json	Output as JSON

bash

securenow analytics
securenow analytics --app sk_live_abc --json

Detect & Respond

securenow notifications

Manage security notifications. List, read, or bulk-mark as read.

$ securenow notifications <subcommand> [options]

Subcommand	Description	Flags
list	List notifications	--limit <n> --page <n> --json
read <id>	Mark a notification as read	—
read-all	Mark all notifications as read	—
unread	Show unread notification count	—

securenow alerts

Manage alerting rules and notification channels. View rules, channels, and alert history.

$ securenow alerts <subcommand> [options]

Subcommand	Description	Flags
rules	List alert rules	--json
channels	List notification channels (Slack, email, webhook)	--json
history	View alert history	--limit <n> --json

securenow fp

Manage false-positive exclusion rules. Create, test, dry-run, and AI-generate conditions to reduce alert noise.

$ securenow fp <subcommand> [options]

Subcommand	Description	Flags
list	List exclusion rules	--json
show <id>	Show rule details	--json
create	Create exclusion rule	--path <path> --path-op <op> --method <method> --reason <text> --conditions <json> --match-mode <all\|any> --rule-scope --target-rules --json
edit <id>	Edit an exclusion rule	--active <bool> --reason --match-mode --conditions --json
delete <id>	Delete a rule	--force --yes
test-body	Test a request body against conditions	--body <body\|@file> --conditions <json> --json
dry-run	Dry-run conditions against live traces (3 days)	--conditions <json> --match-mode <all\|any> --json
ai-fill [desc]	AI-generate conditions from description	--description --context <json> --json
mark <notif-id> <ip>	Mark IP as false positive on a notification	--conditions --match-mode --reason --rule-scope --target-rules --create-exclusion --apply-existing --json

bash

# Create a rule for a specific path and method
securenow fp create --path /api/webhook --method POST --reason "Legit traffic"

# AI-generate conditions from a description
securenow fp ai-fill "Health check from uptime monitor"

# Dry-run conditions against real traces
securenow fp dry-run --conditions '[{"field":"path","operator":"equals","value":"/health"}]'

# Mark an IP as false positive from a notification
securenow fp mark notif_abc123 203.0.113.1 --reason "Internal scanner"

Investigate

securenow ip

Look up threat intelligence for any IP address. Get SecureNow Score, AI verdict, bot detection, and AbuseIPDB data. Also view traces from a specific IP.

$ securenow ip <ip-address>

Subcommand	Description	Flags
lookup <ip>	Full IP intelligence report	--json
traces <ip>	Show traces from this IP	--json

bash

# Quick lookup (shorthand)
securenow ip 185.220.101.1

# Full lookup with JSON output
securenow ip lookup 185.220.101.1 --json

# See what requests came from this IP
securenow ip traces 185.220.101.1

securenow forensics

AI-powered security forensics. Ask questions in natural language and get structured results from your trace data. Supports one-shot queries, interactive chat investigations, and a saved query library.

$ securenow forensics <query | subcommand> [options]

Subcommand	Description	Flags
"<natural language query>"	Execute a natural language forensic query	--app <key> --instance <id>
query <words...>	Same as above (explicit subcommand)	--app <key> --instance <id>
chat	Start an interactive forensics chat session	--app <key> (required)
library	View saved query templates	--json

bash

# Natural language query
securenow forensics "Show me all suspicious IPs from the last 24 hours"

# With a specific app
securenow forensics "Top 10 paths with 500 errors" --app sk_live_abc

# Interactive chat investigation
securenow forensics chat --app sk_live_abc

# Browse saved query templates
securenow forensics library

securenow api-map

View the automatically discovered API surface map for your application. Shows endpoints, methods, and statistics.

$ securenow api-map [subcommand] [options]

Subcommand	Description	Flags
list	List discovered API endpoints	--json
stats	Show API map statistics	--json

Firewall & Remediation

securenow firewall

View firewall status and test IP blocking. Shows active layers, blocklist size, and allows testing if a specific IP would be blocked.

$ securenow firewall <subcommand> [options]

Subcommand	Description	Flags
status	Show firewall status and active layers	--json
test-ip <ip>	Check if an IP would be blocked	--json

bash

# Check firewall status
securenow firewall status

# Test if an IP would be blocked
securenow firewall test-ip 185.220.101.1

securenow blocklist

Manage the IP blocklist. Add, remove, and list blocked IPs.

$ securenow blocklist <subcommand> [options]

Subcommand	Description	Flags
list	List blocked IPs	--json
add [ip]	Block an IP (prompts if no IP given)	--reason --duration --app
remove <id>	Unblock an IP by entry ID	--force --yes
stats	Show blocklist statistics	--json

bash

securenow blocklist add 203.0.113.1 --reason "Port scanner"
securenow blocklist list --json
securenow blocklist stats

securenow allowlist

Manage the IP allowlist. Allowed IPs bypass all blocking rules.

$ securenow allowlist <subcommand> [options]

Subcommand	Description	Flags
list	List allowed IPs	--json
add [ip]	Add an IP to the allowlist	--label --reason
remove <id>	Remove an allowed entry	--force --yes
stats	Allowlist statistics	--json

securenow trusted

Manage trusted IPs. Trusted IPs are excluded from threat scoring but still traced.

$ securenow trusted <subcommand> [options]

Subcommand	Description	Flags
list	List trusted IPs	--json
add [ip]	Add a trusted IP	--label --description
remove <id>	Remove a trusted IP	--force --yes

Telemetry

securenow log send

Emit a structured log record directly to your OTLP collector — without booting the SDK. Mirrors the SDK's getLogger().emit() API. Ideal for cron jobs, shell scripts, and CI pipelines.

$ securenow log send "<message>" [--level info|warn|error] [--attrs k=v,k=v]

bash

securenow log send "Deployment completed" --level info --attrs version=1.2.3,service=api
securenow log send "Backup failed" --level error --attrs host=db-01

Uses the resolved SECURENOW_INSTANCE / OTEL_EXPORTER_OTLP_LOGS_ENDPOINT. Honors OTEL_EXPORTER_OTLP_HEADERS for API-key auth. Exits non-zero on HTTP failure so CI/cron can detect problems.

securenow test-span

Emit a single test span to verify your OTLP collector accepts traffic. Replaces the old SECURENOW_TEST_SPAN=1 env trick — works standalone, no SDK required.

$ securenow test-span [<span-name>]

bash

securenow test-span
securenow test-span "ci.smoke-test"
securenow test-span --json

Utilities

securenow redact

Preview sensitive-data redaction on a JSON payload. Mirrors the SDK's redactSensitiveData() — useful for verifying what will (and won't) reach your collector.

$ securenow redact '<json>' [--fields f1,f2] [--json]

bash

securenow redact '{"user":"alice","password":"s3cret","card":"4242"}'
securenow redact @request.json --fields internal_id,sessionHash

Accepts a JSON string or @path/to/file.json. Merges --fields on top of DEFAULT_SENSITIVE_FIELDS(password, token, card, ssn, …) and honors SECURENOW_SENSITIVE_FIELDS.

securenow cidr

CIDR utilities for testing firewall rules and debugging IP ranges. Wraps the SDK's createMatcher() and parseCidr() so you can validate behavior without writing Node.

$ securenow cidr <match|parse> ...

Subcommand	Description	Flags
match <ip> <cidrs>	Check if an IP matches a CIDR list — exit 0 on hit, 2 on miss (scriptable)	--json
parse <cidr>	Parse a CIDR — print network, broadcast, mask, size	--json

bash

securenow cidr match 10.0.0.5 10.0.0.0/8,192.168.1.0/24
securenow cidr parse 10.0.0.0/24

securenow env

Print the resolved SecureNow configuration — service name, trace/log endpoints, firewall layers, and every relevant environment variable (with the API key masked).

$ securenow env [--json]

bash

securenow env
securenow env --json | jq .resolved

securenow doctor

End-to-end diagnostic. Probes your OTLP traces endpoint, OTLP logs endpoint, and the SecureNow API. Flags missing APPID, free-trial collector use, and orphan firewall config. Exits 1 on any failure — wire it into CI healthchecks.

$ securenow doctor [--json]

bash

securenow doctor
securenow doctor --json

Settings

securenow instances

Manage ClickHouse instances used for trace storage and analytics.

$ securenow instances <subcommand> [options]

Subcommand	Description	Flags
list	List configured instances	--json
test <id>	Test connection to an instance	--json

securenow config

View and manage CLI configuration. Settings are stored in ~/.securenow/config.json.

$ securenow config <subcommand> [key] [value]

Subcommand	Description	Flags
set <key> <value>	Set a configuration value	—
get [key]	Get a value (or show all if no key)	—
path	Show config and credentials file paths	—

securenow version

Print the installed CLI version.

$ securenow version

bash

securenow version

Ready to get started?

Install the CLI, authenticate, and start protecting your applications in minutes.

API Documentation Read the Blog npm Package