Terminal Guardian Buy Now — $49

Windows • PowerShell 7+

Trust Model

What Terminal Guardian does, what it governs, and what it explicitly does not do. This page is the honest contract between the product and its users.

What it is

Terminal Guardian is a Windows-only PowerShell 7+ safety module. It intercepts every command in the PowerShell sessions it governs and evaluates each one against an active policy pack before execution — not after.

Platform

Windows only • PowerShell 7+ (pwsh)

Release

Current validated release: v2.3.3

Evaluation model

Deterministic rule-based policy — no ML, no heuristics

Enforcement

Local-first — core enforcement runs on your machine

Four deterministic policy outcomes

The same command evaluated against the same policy always produces the same outcome. There is no probabilistic scoring, no behavioral drift, and no model retraining. This predictability is a feature, not a limitation.

ALLOW

Command clears policy. Execution proceeds. No user-visible interruption.

WARN

Elevated risk flagged. Execution continues with a visible warning written to the audit trail.

CHALLENGE

Explicit confirmation required before execution. Outcome logged regardless of user response.

BLOCK

Command halted. Execution does not proceed. Policy rule name and actor written to audit trail.

What it does

  • Evaluates every PowerShell command before execution

    Every command — typed, pasted, scripted, or AI-generated — is evaluated against the active policy pack before the shell runs it.

  • Maintains a local per-command audit trail

    Every evaluation is logged with outcome, matched policy rule, and actor context. The log stays on your machine.

  • Redacts secrets before logging

    Tokens, passwords, and API keys passed inline in commands are redacted from log output before storage.

  • Verifies policy manifest integrity via SHA-256

    The active policy pack is verified against a SHA-256 manifest. If the policy has been modified outside of sanctioned change, the integrity check detects it.

  • Supports dry-run mode

    Preview the policy outcome for any command without executing it. Useful before running unfamiliar scripts or AI-generated commands.

  • Runs local-first — no cloud required for enforcement

    Core policy evaluation happens entirely on your machine. No behavioral telemetry is sent externally. tg selftest optionally performs a cloud integrity check, which is the only network call.

Non-scope — read this before purchasing

What it is not

Terminal Guardian is a guardrail for the PowerShell session it governs. It is not a comprehensive security platform. The following are explicit non-scope, meaning the product makes no claims to protect against them:

  • Not antivirus or EDR

    It does not scan files, detect malware, monitor running processes, or replace endpoint security tools.

  • Not a replacement for backups or change review

    Blocking a command is not a substitute for having backups. Terminal Guardian does not recover deleted files or rolled-back configurations.

  • Does not govern other shells

    cmd.exe, bash, WSL, and non-PowerShell processes are outside its scope. Only commands routed through a protected pwsh session are evaluated.

  • Does not stop a determined local actor

    Terminal Guardian is a guardrail for workflow safety — not a hard security boundary for hostile actors with local machine access. If someone opens a new PowerShell session outside the protected profile, enforcement does not apply.

  • Windows PowerShell 5.1 is not supported

    Requires PowerShell 7+ (pwsh). Not compatible with the legacy Windows PowerShell engine.

Installation integrity

After installation, run tg selftest in a new pwsh window. All checks passing confirms:

  • Module loaded correctly in the active PowerShell session

  • Policy pack loaded and SHA-256 manifest verified

  • Enforcement active — commands are being evaluated before execution

  • Cloud integrity check passed (optional network call)

PowerShell 7+ — after setup
PS C:\> tg selftest
All checks passed ✓
PS C:\> tg --version
TerminalGuardian 2.3.3

Publisher

Company

Mean Robotics LLC

Support

[email protected]

Distribution

Gumroad — one-time purchase, instant ZIP download

Telemetry

None during core enforcement. Optional cloud integrity check in tg selftest only.

Related pages

Use Cases Enterprise Security FAQ ← Homepage

Ready to add guardrails to your workflow?

One-time purchase • Instant ZIP download • Setup in under 2 minutes • v2.3.3

Buy Now — $49