Use Cases

What can go wrong

AI coding tools produce syntactically valid PowerShell that can include destructive patterns — wide-scope deletes, registry writes, credential exposure. It's easy to paste and run without reviewing every line, especially under time pressure or when the output looks reasonable.

How Terminal Guardian helps

Every pasted command is evaluated against policy before execution. Destructive patterns — regardless of whether they came from a model or were hand-typed — are blocked or challenged before they run. The policy doesn't know or care about the source; it evaluates the command.

What can go wrong

Recursive deletes, registry edits, service changes, and disk-level operations on production systems carry real consequences. One wrong path wildcard or a script run in the wrong session is catastrophic. Confirmation dialogs in the shell are rare; there is usually no second chance.

How Terminal Guardian helps

Policy rules challenge or block high-risk operations. Risky commands require explicit confirmation before execution. Every action — whether allowed, challenged, or blocked — is written to the audit trail with outcome and rule context.

What can go wrong

During active incidents, operators move fast. Commands get run from memory, copied from Slack or runbooks, or adapted from prior incidents without careful review. Time pressure is the enemy of caution.

How Terminal Guardian helps

Blocks known-dangerous patterns even when the operator is moving at speed. Low-risk commands are allowed without friction. High-risk operations require confirmation. The full audit trail captures what ran, with what outcome, for every command in the session.

What can go wrong

Scripts that behave safely on dev are destructive on prod. Environment variables, path targets, and resource names drift between environments. A script that hardcodes or resolves incorrectly can wipe a production dataset before anyone can intervene.

How Terminal Guardian helps

Policy evaluation runs inside every protected pwsh session — including automation contexts where Terminal Guardian is loaded. The same policy rules apply whether a command is typed interactively or executed from a script.

What can go wrong

PowerShell has no native per-command audit outside of Windows Event Forwarding or ETW configuration, which many environments don't have in place. When incidents happen, forensics are limited. Secrets frequently appear in command history without redaction.

How Terminal Guardian helps

Provides a local per-command audit trail with outcome, matched rule, and actor context for every evaluated command. Sensitive values are redacted before storage. The trail supports governance reviews, incident forensics, and internal audit programs.

What can go wrong

Evaluating security tooling without disrupting existing workflows is hard. Black-box tools are difficult to justify to internal reviewers. Without a clean install path and verifiable post-install integrity, pilot programs stall at procurement.

How Terminal Guardian helps

Per-machine install via setup.cmd. Post-install integrity verified with tg-selftest. Policy packs are human-readable JSON — reviewable before deployment. No cloud dependency means no network approval process required to evaluate.