runtime customer-apps¶

runtime customer-apps list¶

List customer apps

airs runtime customer-apps list [options]

Options¶

Flag	Required	Default	Description
`--limit <n>`	No	`100`	Max results
`--output <format>`	No	`pretty`	Output format: pretty, table, csv, json, yaml

Examples¶

Pretty output (default) — only name is rendered; richer detail requires customer-apps get (currently blocked, see cdot65/prisma-airs-cli#115)

airs runtime customer-apps list --limit 2

Prisma AIRS — Runtime Configuration
Security profile and topic management


Customer Apps:

  example-app
  example-other-app

JSON output — id and description are empty in the list response (the list endpoint only returns names)

airs runtime customer-apps list --limit 2 --output json

[
  {
    "id": "",
    "name": "example-app",
    "description": ""
  },
  {
    "id": "",
    "name": "example-other-app",
    "description": ""
  }
]

YAML output (multi-doc stream — one document per app)

airs runtime customer-apps list --limit 2 --output yaml

id:
name: example-app
description:
---
id:
name: example-other-app
description:

runtime customer-apps get¶

Get customer app details

airs runtime customer-apps get [options] <appName>

Arguments¶

appName (required) —

Examples¶

Example needed

No curated input/output example for this command yet.

runtime customer-apps update¶

Update a customer app

airs runtime customer-apps update [options] <appId>

Arguments¶

appId (required) —

Options¶

Flag	Required	Default	Description
`--config <path>`	Yes	—	JSON file with app updates

Examples¶

Example needed

No curated input/output example for this command yet.

runtime customer-apps delete¶

Delete a customer app

airs runtime customer-apps delete [options] <appName>

Arguments¶

appName (required) —

Options¶

Flag	Required	Default	Description
`--updated-by <email>`	Yes	—	Email of user performing deletion

Examples¶

Example needed

No curated input/output example for this command yet.

runtime customer-apps consumption¶

Show per-app token consumption + violation breakdown (SCM dashboard). Omit appName to scan all apps.

airs runtime customer-apps consumption [options] [appName]

Arguments¶

appName (optional) — Dashboard application name — the literal scan-payload metadata.app_name, as shown in the SCM AI Applications view (may differ from the SCM-registered customer-app name). Omit to report every dashboard bucket.

Options¶

Flag	Required	Default	Description
`--time-interval <n>`	No	`30`	Window in days: 7, 30, or 60
`--output <format>`	No	`pretty`	Output format: pretty, table, csv, json, yaml

Examples¶

Pretty output (default) — single app, default 30-day window. Only firing detectors are shown.

airs runtime customer-apps consumption example-app

Prisma AIRS — Runtime Configuration
Security profile and topic management


example-app  (00000000-0000-0000-0000-000000000001)
  Monitoring since: 2026-05-25T16:42:52Z
  Source:           api
  Cloud:            other
  Profiles:         AI Gateway - Strict

  Token consumption:
    Daily avg:     37
    Monthly total: 37

  Sessions:
    Total:     2
    Violating: 1

  Detectors (1 violating, 1/8 firing):
    tc                       1  c=0 h=0 m=1 l=0

Table output — one row per detector, app-level context repeated on every row.

airs runtime customer-apps consumption example-app --output table

App         │ AppId                                │ MonitoringSince      │ DailyAvg │ MonthlyTotal │ Sessions │ Violating │ Detector       │ C │ H │ M │ L │ Total
────────────┼──────────────────────────────────────┼──────────────────────┼──────────┼──────────────┼──────────┼───────────┼────────────────┼───┼───┼───┼───┼───────
example-app │ 00000000-0000-0000-0000-000000000001 │ 2026-05-25T16:42:52Z │ 37       │ 37           │ 2        │ 1         │ agent_security │ 0 │ 0 │ 0 │ 0 │ 0
example-app │ 00000000-0000-0000-0000-000000000001 │ 2026-05-25T16:42:52Z │ 37       │ 37           │ 2        │ 1         │ dbs            │ 0 │ 0 │ 0 │ 0 │ 0
example-app │ 00000000-0000-0000-0000-000000000001 │ 2026-05-25T16:42:52Z │ 37       │ 37           │ 2        │ 1         │ dlp            │ 0 │ 0 │ 0 │ 0 │ 0
example-app │ 00000000-0000-0000-0000-000000000001 │ 2026-05-25T16:42:52Z │ 37       │ 37           │ 2        │ 1         │ malicious_code │ 0 │ 0 │ 0 │ 0 │ 0
example-app │ 00000000-0000-0000-0000-000000000001 │ 2026-05-25T16:42:52Z │ 37       │ 37           │ 2        │ 1         │ pi             │ 0 │ 0 │ 0 │ 0 │ 0
example-app │ 00000000-0000-0000-0000-000000000001 │ 2026-05-25T16:42:52Z │ 37       │ 37           │ 2        │ 1         │ source_code    │ 0 │ 0 │ 0 │ 0 │ 0
example-app │ 00000000-0000-0000-0000-000000000001 │ 2026-05-25T16:42:52Z │ 37       │ 37           │ 2        │ 1         │ tc             │ 0 │ 0 │ 1 │ 0 │ 1
example-app │ 00000000-0000-0000-0000-000000000001 │ 2026-05-25T16:42:52Z │ 37       │ 37           │ 2        │ 1         │ uf             │ 0 │ 0 │ 0 │ 0 │ 0

CSV output — pipe straight into spreadsheets or BigQuery. Self-contained rows; no join needed.

airs runtime customer-apps consumption example-app --output csv

App,AppId,MonitoringSince,DailyAvg,MonthlyTotal,Sessions,Violating,Detector,C,H,M,L,Total
example-app,00000000-0000-0000-0000-000000000001,2026-05-25T16:42:52Z,37,37,2,1,agent_security,0,0,0,0,0
example-app,00000000-0000-0000-0000-000000000001,2026-05-25T16:42:52Z,37,37,2,1,dbs,0,0,0,0,0
example-app,00000000-0000-0000-0000-000000000001,2026-05-25T16:42:52Z,37,37,2,1,dlp,0,0,0,0,0
example-app,00000000-0000-0000-0000-000000000001,2026-05-25T16:42:52Z,37,37,2,1,malicious_code,0,0,0,0,0
example-app,00000000-0000-0000-0000-000000000001,2026-05-25T16:42:52Z,37,37,2,1,pi,0,0,0,0,0
example-app,00000000-0000-0000-0000-000000000001,2026-05-25T16:42:52Z,37,37,2,1,source_code,0,0,0,0,0
example-app,00000000-0000-0000-0000-000000000001,2026-05-25T16:42:52Z,37,37,2,1,tc,0,0,1,0,1
example-app,00000000-0000-0000-0000-000000000001,2026-05-25T16:42:52Z,37,37,2,1,uf,0,0,0,0,0

JSON output — one object per detector per app; full app context repeated for self-contained records.

airs runtime customer-apps consumption example-app --output json

[
  {
    "app_name": "example-app",
    "app_id": "00000000-0000-0000-0000-000000000001",
    "monitoring_since": "2026-05-25T16:42:52Z",
    "daily_avg": "37",
    "monthly_total": "37",
    "sessions_total": 2,
    "sessions_violating": 1,
    "detector": "tc",
    "critical": 0,
    "high": 0,
    "medium": 1,
    "low": 0,
    "total": 1
  }
]

YAML output — multi-doc stream, one document per detector per app.

airs runtime customer-apps consumption example-app --output yaml

app_name: example-app
app_id: 00000000-0000-0000-0000-000000000001
monitoring_since: 2026-05-25T16:42:52Z
daily_avg: '37'
monthly_total: '37'
sessions_total: 2
sessions_violating: 1
detector: tc
critical: 0
high: 0
medium: 1
low: 0
total: 1

Alternate time window — --time-interval accepts 7, 30, or 60 days (server-enforced enum).

airs runtime customer-apps consumption example-app --time-interval 60

All-apps loop — omit appName to enumerate every dashboard application bucket (one per distinct scan-payload app_name, so a single registered customer-app can appear as several buckets). Errors on individual apps are reported per-app; the loop continues past failures. Zero-traffic apps render no detector violations in window.

airs runtime customer-apps consumption

Invalid time-interval rejected client-side before incurring an API call.

airs runtime customer-apps consumption example-app --time-interval 14

Error: --time-interval must be 7, 30, or 60 (the API rejects other values)

Unknown name lists the available dashboard application names and explains that the name to use is the literal scan-payload metadata.app_name (which may differ from the SCM-registered customer-app name).

airs runtime customer-apps consumption no-such-app

Prisma AIRS — Runtime Configuration
Security profile and topic management


Error: Dashboard application not found: "no-such-app". Available (as shown in SCM AI Applications view): example-app, Claude Code, LiteLLM, Portkey, chatbot. Note: the name to use is the literal value your integration sends in scan metadata.app_name (which may differ from the SCM application name).