Repo: Snowflake (Arctic), published Mar 31, 2026, seen 5d

Snowflake-Labs/sfutils-networks

Language: Python

Stars: 0

Forks: 0

Open issues: 0

Created: 2026-03-31T12:31:55Z

Pushed: 2026-05-08T04:07:43Z

Default branch: main

Fork: no

Archived: no

README:

sfutils-networks

Create and manage Snowflake network rules and policies from the terminal. Supports IPv4 presets for GitHub Actions, Google services, and local IP detection.

5+ manual steps → single command.

Prerequisites

  • Snowflake CLI (snow) installed and configured
  • Python 3.12+
  • Task (optional, for task-based workflow)

Install

uv sync # or: pip install .

Quick Start

# Create a network rule with your local IP (default)
sfutils-networks rule create --name dev_rule --db my_db

# Include GitHub Actions runner IPs for CI/CD
sfutils-networks rule create --name ci_rule --db my_db --allow-gh

# Create rule + network policy in one command
sfutils-networks rule create --name ci_rule --db my_db --allow-gh --policy ci_policy

# Google IPs (App Scripts, Cloud Functions, etc.)
sfutils-networks rule create --name google_rule --db my_db --allow-google

# Egress rule for external APIs
sfutils-networks rule create --name api_egress --db my_db \
--mode egress --type host_port \
--values "api.openai.com:443,api.anthropic.com:443"

Task Workflow

task create NW_RULE_NAME=dev_rule NW_RULE_DB=my_db
task github NW_RULE_NAME=ci_rule NW_RULE_DB=my_db
task google NW_RULE_NAME=google_ips NW_RULE_DB=my_db
task local NW_RULE_NAME=dev_local NW_RULE_DB=my_db

task policy -- --name ci_policy --rules "DB.NETWORKS.RULE1"
task list-rules NW_RULE_DB=my_db
task list-policies
task update-rule NW_RULE_NAME=my_rule NW_RULE_DB=my_db
task delete-rule NW_RULE_NAME=old_rule NW_RULE_DB=my_db
task delete-policy -- --name old_policy

CLI Commands

| Command | Description |
|---------|-------------|
| rule create | Create a network rule with presets and/or custom values |
| rule update | Replace values in an existing network rule |
| rule delete | Delete a network rule |
| rule list | List network rules in a schema |
| policy create | Create a network policy with specified rules |
| policy alter | Add rules to an existing network policy |
| policy delete | Delete a network policy |
| policy list | List all network policies |
| policy assign | Assign a network policy to a user |

Supported Rule Modes and Types

| Mode | Valid Types |
|------|------------|
| ingress | ipv4, awsvpceid |
| egress | ipv4, host_port |
| internal_stage | ipv4, awsvpceid |
| postgres_ingress | ipv4, awsvpceid |
| postgres_egress | ipv4, host_port |

IPv4 Presets

| Flag | Source |
|------|--------|
| --allow-local (default ON) | Your current public IP via ipify.org |
| --allow-gh | GitHub Actions runner IPs via GitHub meta API |
| --allow-google | Google IP ranges via gstatic.com |
| --values | Custom comma-separated CIDRs or host:port values |
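
The mode/type table and the `--values` format above can be enforced before any SQL is sent. The sketch below is an added example, not code from this repository: `check_value`, `build_rule_sql`, the `vpce-` pattern and the upper-cased mode keyword are assumptions, and the emitted statement follows Snowflake's `CREATE NETWORK RULE` form.

```python
import ipaddress
import re

# Mode -> allowed types, copied from the README's "Supported Rule Modes and Types" table.
VALID_TYPES = {
    "ingress": {"ipv4", "awsvpceid"},
    "egress": {"ipv4", "host_port"},
    "internal_stage": {"ipv4", "awsvpceid"},
    "postgres_ingress": {"ipv4", "awsvpceid"},
    "postgres_egress": {"ipv4", "host_port"},
}
IDENT = re.compile(r"[A-Za-z_][A-Za-z0-9_$]*")  # unquoted identifier only
HOST = re.compile(r"(?=.{1,253}\Z)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}", re.I)
VPCE = re.compile(r"vpce-[0-9a-f]+")            # assumed AWS endpoint id shape


def check_value(mode: str, rule_type: str, value: str) -> str:
    """Return the normalised value, or raise ValueError if it must not reach SQL."""
    if rule_type == "ipv4":
        net = ipaddress.IPv4Network(value, strict=False)  # ValueError on IPv6 or junk
        if net.prefixlen == 0 and mode.endswith("ingress"):
            raise ValueError(f"{value}: ingress rule would admit every address")
        return str(net)
    if rule_type == "host_port":
        host, sep, port = value.rpartition(":")
        if not (sep and HOST.fullmatch(host) and port.isdigit() and 1 <= int(port) <= 65535):
            raise ValueError(f"{value!r}: expected host:port")
        return f"{host.lower()}:{int(port)}"
    if not VPCE.fullmatch(value):
        raise ValueError(f"{value!r}: expected a vpce-... endpoint id")
    return value


def build_rule_sql(name: str, mode: str, rule_type: str, values: str) -> str:
    """Validate a comma-separated value string and render one CREATE statement."""
    mode, rule_type = mode.lower(), rule_type.lower()
    if rule_type not in VALID_TYPES.get(mode, ()):
        raise ValueError(f"type {rule_type!r} is not valid for mode {mode!r}")
    if not IDENT.fullmatch(name):
        raise ValueError(f"{name!r}: not a plain identifier")
    items = sorted({check_value(mode, rule_type, v.strip()) for v in values.split(",") if v.strip()})
    if not items:
        raise ValueError("empty value list")
    value_list = ", ".join(f"'{v}'" for v in items)
    return (f"CREATE NETWORK RULE {name} TYPE = {rule_type.upper()} "
            f"VALUE_LIST = ({value_list}) MODE = {mode.upper()}")


if __name__ == "__main__":
    print(build_rule_sql("api_egress", "egress", "host_port",
                         "api.openai.com:443,api.anthropic.com:443"))
```

Because every value is parsed and re-rendered before it is quoted, a stray quote or an IPv6 literal in `--values` is rejected rather than interpolated into the statement.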

Environment Variables

| Variable | Description |
|----------|-------------|
| NW_RULE_NAME | Network rule name |
| NW_RULE_DB | Database for network rules |
| NW_RULE_SCHEMA | Schema for network rules (default: NETWORKS) |

Related

  • sf-utils-skills — Cortex Code skill sf-utils-networks (after repo rename from snow-utils-skills)

License

Apache 2.0

Notability

notability 3.0/10

New repo from Snowflake, no traction yet.