CLI

Overview

Run prism --help to see all available commands:

Usage: prism [OPTIONS] COMMAND [ARGS]...

  Prism — local LLM security policy enforcement

Commands:
  start     Start all Prism services in the background.
  stop      Stop all running Prism services.
  status    Show health status of all Prism services.
  proxy     Show how to route agent traffic through the Fencio Proxy.
  logs      Tail service logs.
  tenant    Show the current tenant ID.
  policies  List installed policies from the Management Plane.
  update    Update Prism from git, reinstall, and optionally restart.
  agents    Manage agents registered with the Fencio Proxy.

Start & Stop

prism start starts all Prism services in the background. The following services are launched:

  • **Prism Gateway** :47000
  • **Data Plane gRPC** :50051
  • **Fencio Proxy** :47100
prism start
prism stop

After starting, the Prism UI is available at http://localhost:47000.

Status

prism status shows a health table for all services. Columns: **Service**, **Port**, **Status**, **Endpoint**. Services checked: Prism Gateway, Data Plane (gRPC), Fencio Proxy, Proxy API. In Docker Compose and Kubernetes, service addresses are resolved from PRISM_PROXY_URL and DATA_PLANE_URL — both are pre-configured in the provided docker-compose.yml and Helm chart.

prism status

Logs

Tail service logs in real time. Log files live in ~/.prism/data/logs/.

  • prism logs: tail all service logs.
  • prism logs <service>: tail a specific service. Service options: mgmt, data, mcp.
  • --lines / -n: number of lines to show (default: 50).
prism logs mgmt -n 100

Policies

prism policies lists all installed policies from the Management Plane. Fetches from http://localhost:47000/api/v2/policies.

prism policies

Agents

Manage agents registered with the Fencio Proxy.

  • prism agents: opens an interactive TUI for managing agents.
  • prism agents list: list all registered agents (non-interactive).
  • prism agents create <name> [--description/-d]: register a new agent. Returns agent_id and api_key. The API key is shown once. Store it securely.

TUI keyboard bindings:

KeyAction
nNew agent
dDelete
spaceEnable / Disable
qQuit
 
prism agents create "my-agent" -d "Production agent"

The response includes an agent_id and an api_key. Save both values — they are required to authenticate requests through the proxy. The api_key is only shown once and cannot be retrieved again.

Proxy Routing

prism proxy prints routing instructions. To route traffic through the proxy, add these to your project's .env file — or prefix your command to scope them to a single run:

.env file (recommended)

HTTP_PROXY=http://localhost:47100
HTTPS_PROXY=http://localhost:47100

Inline (single command)

HTTP_PROXY=http://localhost:47100 HTTPS_PROXY=http://localhost:47100 python your_agent.py

Register an agent first: prism agents create "my-agent" and copy the agent_id. Set the following header on every request:

Requests without this header are dropped with 403.

Proxy Documentation For a complete end-to-end walkthrough including Python SDK setup. Proxy documentation → LangChain Integration LangChain users can use the LangChain integration instead of setting proxy env vars manually. LangChain integration docs →

Update

prism update pulls the latest from git, reinstalls, and restarts all services.

  • --branch: Branch to pull from (default: main).
  • --no-restart: Skip restarting services after update.
  • --dry-run: Preview the steps without making changes.
prism update --dry-run