Package Exports
This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (@kill-switch/cli) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.
Readme
@kill-switch/cli
Stop runaway cloud bills from the terminal. Monitor Cloudflare, GCP, and AWS spending with automatic kill switches that shut down services before they drain your account.
Born from a $91K Cloudflare bill.
Install
npm install -g @kill-switch/cliThis gives you two commands: kill-switch and ks (short alias).
Quick Start
# 1. Get an API key from https://app.kill-switch.net (Settings > API Keys)
ks auth login --api-key ks_live_your_key_here
# 2. Connect your cloud provider and apply protection
ks onboard --provider cloudflare \
--account-id YOUR_ACCOUNT_ID \
--token YOUR_API_TOKEN \
--name "Production" \
--shields cost-runaway,ddos
# 3. Check your accounts
ks checkOne-Command Setup
The onboard command connects a provider, applies shield presets, and configures alerts in one step:
# Cloudflare
ks onboard --provider cloudflare \
--account-id YOUR_CF_ACCOUNT_ID \
--token YOUR_CF_API_TOKEN \
--name "Production" \
--shields cost-runaway,ddos \
--alert-pagerduty YOUR_ROUTING_KEY
# AWS
ks onboard --provider aws \
--access-key AKIA... \
--secret-key wJalr... \
--region us-east-1 \
--shields aws-cost-runaway,gpu-runaway
# GCP
ks onboard --provider gcp \
--project-id my-project-123 \
--service-account "$(cat key.json)" \
--shields cost-runaway
# Interactive mode (prompts for everything)
ks onboardDon't know where to find your credentials? Run:
ks onboard --help-provider cloudflare
ks onboard --help-provider aws
ks onboard --help-provider gcpShields (Quick Protect)
Apply preset protection rules with one command:
ks shield cost-runaway # Kill services exceeding daily cost limit
ks shield ddos # Kill services getting excessive requests
ks shield gpu-runaway # Stop unexpected GPU instances
ks shield lambda-loop # Throttle recursive Lambda invocations
ks shield aws-cost-runaway # Emergency stop on AWS daily spend spike
ks shield brute-force # Rotate creds on mass auth failures
ks shield exfiltration # Isolate on unusual egress
ks shield error-storm # Scale down on sustained high error rate
# List all shields
ks shield --listAlert Channels
# List configured channels
ks alerts list
# Add PagerDuty (recommended — get routing key from PagerDuty > Service > Integrations)
ks alerts add --type pagerduty --routing-key YOUR_ROUTING_KEY
# Add Slack
ks alerts add --type slack --webhook-url https://hooks.slack.com/...
# Add Discord
ks alerts add --type discord --webhook-url https://discord.com/api/webhooks/...
# Add GitHub AI remediation (triggers Claude Code to open a fix PR on extreme violations)
ks alerts add --type github \
--token ghp_YOUR_PAT \
--repo-owner YOUR_ORG \
--repo-name YOUR_REPO \
--workflow kill-switch-remediate.yml \
--branch main
# Add email or generic webhook
ks alerts add --type email --email you@example.com
ks alerts add --type webhook --webhook-url https://your-service.example.com/webhook
# Remove a channel by name
ks alerts remove "PagerDuty"
# Send a test alert to all channels
ks alerts testCommands
| Command | Description |
|---|---|
ks onboard |
One-command setup: connect + shields + alerts |
ks auth login |
Authenticate with API key |
ks auth status |
Show auth status |
ks status |
Dashboard: accounts, alerts, 30-day spend summary |
ks accounts list |
List connected cloud accounts |
ks accounts add |
Connect a cloud provider |
ks accounts check <id> |
Run manual check on an account |
ks check |
Check all accounts (shows violations with multiplier column e.g. 60x) |
ks shield <preset> |
Apply a protection preset |
ks rules list |
List active rules |
ks alerts list |
List alert channels |
ks alerts add |
Add an alert channel |
ks alerts remove <name> |
Remove an alert channel by name |
ks alerts test |
Send a test alert to all channels |
ks analytics |
Cost analytics: spend summary, 7-day table, per-account breakdown |
ks config list |
Show configuration |
AI Agent Usage
The CLI is designed for AI coding agents (Claude Code, Cursor, Windsurf) to set up cloud monitoring on behalf of users without interactive prompts.
# Set API key via env var
export KILL_SWITCH_API_KEY=ks_live_your_key
# Non-interactive setup with JSON output
ks onboard \
--provider cloudflare \
--account-id CF_ACCOUNT_ID \
--token CF_API_TOKEN \
--name "Production" \
--shields cost-runaway,ddos \
--alert-pagerduty KEY \
--json
# Add PagerDuty alerts
ks alerts add --type pagerduty --routing-key KEY --json
# Full status dashboard
ks status --json
# All commands support --json for machine-readable output
ks accounts list --json
ks check --json
ks analytics --jsonCLAUDE.md Integration
Add this to your project's CLAUDE.md so your AI agent knows how to manage Kill Switch:
## Kill Switch (Cloud Cost Protection)
- CLI: `ks` (alias for `kill-switch`)
- Auth: KILL_SWITCH_API_KEY env var or `ks auth login --api-key KEY`
- Setup: `ks onboard --provider cloudflare --account-id ID --token TOKEN`
- Check: `ks check --json`
- Docs: `ks onboard --help-provider cloudflare`Authentication
The CLI uses personal API keys (prefixed with ks_live_). Create one from app.kill-switch.net under Settings > API Keys.
Auth resolution order:
KILL_SWITCH_API_KEYenvironment variable (best for CI/CD and AI agents)--api-keyflag on any command~/.kill-switch/config.json(set byks auth login)
Global Options
| Flag | Description |
|---|---|
--json |
Output raw JSON (for automation/scripting/AI agents) |
--api-key <key> |
Override API key for this command |
--api-url <url> |
Override API URL |
-V, --version |
Show version |
-h, --help |
Show help |
Exit Codes
| Code | Meaning |
|---|---|
0 |
Success |
1 |
Client error (bad arguments, API error) |
2 |
Authentication error (invalid/missing API key) |
Links
License
MIT